Removing Viruses on flash
Hi Guys, I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2 Step 2: The rest There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus. This is what I do: I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :))
From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes - sometimes the virus sets them as system files or read only This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do. Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders: G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername> Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername> There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually. It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
Lawi, This is very good info.. For Flash dives also try the New LG ''Vaccine Fdisks'' that come with a free antivirus License. They are great. Contact offlist for pricing. Vaccine 2GB 4GB 8GB Finger Print 2GB 4GB I do hope you find this information helpful. Should you require any further assistance, please do not hesitate to contact us Alvin Ochieng Corporate Account Manager Greenline Technology Limited IT Hardware and Software Solutions 2nd Floor, Odyssey Plaza, Mukoma Road. Email :info@greenline.co.ke +254 20 651755 / 552086 +254 20 2425225 / 2429743 +254 20 559841 +254 722-219938/733-610758 Print only when necessary On Fri, Jul 3, 2009 at 7:27 AM, Mr. Lawi<mail2lawi@gmail.com> wrote:
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes - sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
On Fri, Jul 3, 2009 at 7:50 AM, Alvin Jason Ochieng<ajochola@gmail.com> wrote:
Lawi,
This is very good info.. For Flash dives also try the New LG ''Vaccine Fdisks'' that come with a free antivirus License.
They are great. Contact offlist for pricing.
@Lawi: Great info. @Jason: Consider yourself contacted. Please send me the pricing. BR, S
Send Request to info@greenline.co.ke with the sizes you require. Alvin On Fri, Jul 3, 2009 at 9:06 AM, Steve Muchai<smuchai@gmail.com> wrote:
On Fri, Jul 3, 2009 at 7:50 AM, Alvin Jason Ochieng<ajochola@gmail.com> wrote:
Lawi,
This is very good info.. For Flash dives also try the New LG ''Vaccine Fdisks'' that come with a free antivirus License.
They are great. Contact offlist for pricing.
@Lawi: Great info.
@Jason: Consider yourself contacted. Please send me the pricing.
BR, S _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
You are better than Mortein Doom! Even Louie the pest would cringe at your sighting! Thanx 4 the tutorial, it goes a long way! On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote:
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes - sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
-- People should know when they are conquered.
Hey, Mine recreates as soon as i delete, any advise? David. On Thu, Jul 2, 2009 at 9:52 PM, nyarotho kennedy <kenyarotho@gmail.com>wrote:
You are better than Mortein Doom! Even Louie the pest would cringe at your sighting! Thanx 4 the tutorial, it goes a long way!
On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote:
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes - sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
-- People should know when they are conquered. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
David, Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually. that applies for your case. A service keeps recreating the virus. try the instructions in safe mode. If all fails, do a re-install with an immediate antivirus installation, complete with updates. Plese note that some viruses disable your anitivirus from updating incase you are using old updates that don't detect them . Mcafee claims that the "program rejected the updates" in such a case, uninstall->install->update immediately. 2009/7/3 David Mugo <raidarmax@gmail.com>
Hey,
Mine recreates as soon as i delete, any advise?
David.
On Thu, Jul 2, 2009 at 9:52 PM, nyarotho kennedy <kenyarotho@gmail.com>wrote:
You are better than Mortein Doom! Even Louie the pest would cringe at your sighting! Thanx 4 the tutorial, it goes a long way!
On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote:
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes - sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
-- People should know when they are conquered. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
Thanks...solution to this? Anyway, I will give it more time and if i get a solution I will share... David. On Thu, Jul 2, 2009 at 10:32 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:
David, Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
that applies for your case. A service keeps recreating the virus.
try the instructions in safe mode.
If all fails, do a re-install with an immediate antivirus installation, complete with updates.
Plese note that some viruses disable your anitivirus from updating incase you are using old updates that don't detect them .
Mcafee claims that the "program rejected the updates"
in such a case, uninstall->install->update immediately. 2009/7/3 David Mugo <raidarmax@gmail.com>
Hey,
Mine recreates as soon as i delete, any advise?
David.
On Thu, Jul 2, 2009 at 9:52 PM, nyarotho kennedy <kenyarotho@gmail.com>wrote:
You are better than Mortein Doom! Even Louie the pest would cringe at your sighting! Thanx 4 the tutorial, it goes a long way!
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes
On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote: -
sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
-- People should know when they are conquered. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
try the above in Safe Mode. 2009/7/3 David Mugo <raidarmax@gmail.com>
Thanks...solution to this? Anyway, I will give it more time and if i get a solution I will share...
David.
On Thu, Jul 2, 2009 at 10:32 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:
David, Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
that applies for your case. A service keeps recreating the virus.
try the instructions in safe mode.
If all fails, do a re-install with an immediate antivirus installation, complete with updates.
Plese note that some viruses disable your anitivirus from updating incase you are using old updates that don't detect them .
Mcafee claims that the "program rejected the updates"
in such a case, uninstall->install->update immediately. 2009/7/3 David Mugo <raidarmax@gmail.com>
Hey,
Mine recreates as soon as i delete, any advise?
David.
On Thu, Jul 2, 2009 at 9:52 PM, nyarotho kennedy <kenyarotho@gmail.com>wrote:
You are better than Mortein Doom! Even Louie the pest would cringe at your sighting! Thanx 4 the tutorial, it goes a long way!
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes
On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote: -
sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
-- People should know when they are conquered. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
@David I have worked with one such and if it is the one on ur machine then this wil help: Tafuta file called winweb.exe in windows\system32. It loads 2 dll files on boot - iconhandle.dll and webad.dll in sys32 folder. U cant remove this while explorer is running. Start task manager, go to processes, right click on explorer and end all processes. Only the task manager will be left running. On taskmgr, start new prog, cmd, then in cmd, go to sys32 and remove those 3 files: winweb.exe, webad.dll and iconhandle.dll. I usually rename for safety' sake. Reboot ur machine n u r good to go. On 7/3/09, David Mugo <raidarmax@gmail.com> wrote:
Thanks...solution to this? Anyway, I will give it more time and if i get a solution I will share...
David.
On Thu, Jul 2, 2009 at 10:32 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:
David, Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
that applies for your case. A service keeps recreating the virus.
try the instructions in safe mode.
If all fails, do a re-install with an immediate antivirus installation, complete with updates.
Plese note that some viruses disable your anitivirus from updating incase you are using old updates that don't detect them .
Mcafee claims that the "program rejected the updates"
in such a case, uninstall->install->update immediately. 2009/7/3 David Mugo <raidarmax@gmail.com>
Hey,
Mine recreates as soon as i delete, any advise?
David.
On Thu, Jul 2, 2009 at 9:52 PM, nyarotho kennedy <kenyarotho@gmail.com>wrote:
You are better than Mortein Doom! Even Louie the pest would cringe at your sighting! Thanx 4 the tutorial, it goes a long way!
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes
On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote: -
sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
-- People should know when they are conquered. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
This is actually on my mini SD for my phone. David. On Thu, Jul 2, 2009 at 10:45 PM, Mr. Lawi <mail2lawi@gmail.com> wrote:
@David I have worked with one such and if it is the one on ur machine then this wil help: Tafuta file called winweb.exe in windows\system32. It loads 2 dll files on boot - iconhandle.dll and webad.dll in sys32 folder. U cant remove this while explorer is running. Start task manager, go to processes, right click on explorer and end all processes. Only the task manager will be left running. On taskmgr, start new prog, cmd, then in cmd, go to sys32 and remove those 3 files: winweb.exe, webad.dll and iconhandle.dll. I usually rename for safety' sake. Reboot ur machine n u r good to go.
Thanks...solution to this? Anyway, I will give it more time and if i get a solution I will share...
David.
On Thu, Jul 2, 2009 at 10:32 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:
David, Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
that applies for your case. A service keeps recreating the virus.
try the instructions in safe mode.
If all fails, do a re-install with an immediate antivirus installation, complete with updates.
Plese note that some viruses disable your anitivirus from updating
incase
you are using old updates that don't detect them .
Mcafee claims that the "program rejected the updates"
in such a case, uninstall->install->update immediately. 2009/7/3 David Mugo <raidarmax@gmail.com>
Hey,
Mine recreates as soon as i delete, any advise?
David.
On Thu, Jul 2, 2009 at 9:52 PM, nyarotho kennedy <kenyarotho@gmail.com>wrote:
You are better than Mortein Doom! Even Louie the pest would cringe at your sighting! Thanx 4 the tutorial, it goes a long way!
On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote:
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that
executes
the
virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash
On 7/3/09, David Mugo <raidarmax@gmail.com> wrote: -
firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes
like -
sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
-- People should know when they are conquered. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
I meant Micro SD On Thu, Jul 2, 2009 at 10:47 PM, David Mugo <raidarmax@gmail.com> wrote:
This is actually on my mini SD for my phone.
David.
On Thu, Jul 2, 2009 at 10:45 PM, Mr. Lawi <mail2lawi@gmail.com> wrote:
@David I have worked with one such and if it is the one on ur machine then this wil help: Tafuta file called winweb.exe in windows\system32. It loads 2 dll files on boot - iconhandle.dll and webad.dll in sys32 folder. U cant remove this while explorer is running. Start task manager, go to processes, right click on explorer and end all processes. Only the task manager will be left running. On taskmgr, start new prog, cmd, then in cmd, go to sys32 and remove those 3 files: winweb.exe, webad.dll and iconhandle.dll. I usually rename for safety' sake. Reboot ur machine n u r good to go.
Thanks...solution to this? Anyway, I will give it more time and if i get a solution I will share...
David.
On Thu, Jul 2, 2009 at 10:32 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:
David, Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably
there
is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
that applies for your case. A service keeps recreating the virus.
try the instructions in safe mode.
If all fails, do a re-install with an immediate antivirus installation, complete with updates.
Plese note that some viruses disable your anitivirus from updating incase you are using old updates that don't detect them .
Mcafee claims that the "program rejected the updates"
in such a case, uninstall->install->update immediately. 2009/7/3 David Mugo <raidarmax@gmail.com>
Hey,
Mine recreates as soon as i delete, any advise?
David.
On Thu, Jul 2, 2009 at 9:52 PM, nyarotho kennedy <kenyarotho@gmail.com>wrote:
You are better than Mortein Doom! Even Louie the pest would cringe at your sighting! Thanx 4 the tutorial, it goes a long way!
On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote: > Hi Guys, > > I thought I should post something about removing viruses: > Step 1: Run the virus scan on the flash drive. > If you dont have an av or feel that it missed something, proceed to step 2 > > Step 2: The rest > > There is this virus family that hides all folders in a flash and creates new > files with the original folder name and appending a .exe. So if you > had a > folder called Docs, u will see Docs.exe. If you have not enabled display of > file extensions, the .exe part will not be seen. So all you will
see
> is > Docs. You double click it thinking its your folder, and that executes the > virus. > > This is what I do: > > I DO NOT double click on a flash drive directly in My Computer - (actually > that's what I do not do) > After ascertaining the drive letter (lets say its G:), go to Start -> Run -> > cmd > > C:\Documents and Settings\etc>G: > Move to the root of the flash > G:\> > Type dir /a > This shows all the folders (like ls -a in Linux) including hidden ones > > If you do see autorun.inf you can check what file it activates by typing > G:\>more autorun.if > (There is more in windows, yey! No less, though :)) > From the output you can see the file/virus being called by the autorun.inf. > Autorun.inf gets executed when u double click on the drive letter on > my > computer. > > Remove the autorun.inf > G:\>attrib -h -r -s autorun.inf > This removes s(ystem), r(ead only) and h(idden) attributes. > On Linux/cygwin, u can do chmod 777 autorun.inf > G:\>del autorun.inf > > Removing the 'fake' .exe folders > dir *.exe - This will list all .exes > You can delete all of them by using del *.exe. However, deleting one > by one > is recommended since you might have a valid .exe file on your flash
On 7/3/09, David Mugo <raidarmax@gmail.com> wrote: -
like > firefox_3.05.exe > > G:\>del Docs.exe > Access Denied > If u get the Access Denied error, its most probably of file attributes - > sometimes the virus sets them as system files or read only > > This command resets all the attributes > G:\>attrib -h -r -s Docs.exe > del Docs.exe should now work > > Do the same for all .exes > Again, if using cygwin (or if removing from linux), chmod 777, then rm -i > *.exe should do. > > Next Step: Displaying hidden folders > The folders in the flash were set to attrib s by the virus hence > making them > hidden from normal view. > To see them, do a dir /a. A better way is to a dir /a:s This will show all > files with attribute s(ystem) > Again, do a reset of attributes for all folders: > > G:\>attrib -s -h -r <foldername> > Guys running cygwin can do this using the chmod 777 -R <foldername> > > Summary: > G:\>dir /a > G:\>more autorun.if > G:\>attrib -h -r -s autorun.inf > G:\>del autorun.inf > G:\>attrib -h -r -s <filename>.exe > G:\>del <filename>.exe > G:\>dir /a:s > G:\>attrib -s -h -r <foldername> > > There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc > folders: Going into these will make an already long mail too long. > Feel free > to explore there and search and delete virus files. Do not delete the > RECYCLER folder > > Disclaimer: > The set of instructions mostly work for flash disks. They might work > on hdds > as well but if a virus is already on a hdd then most probably there is a > service/daemon/dll that is running in memory regenerating the virus files. > Thats what anti-viruses are for. But they can be removed - manually. > > It covers only a very small sub-set of viruses/trojans/worms - they mean the > same to me:( so an antivirus is still the better option. >
-- People should know when they are conquered. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
-- Got any life problems? visit www.dearkenya.com
just treat it like a flash disk 2009/7/3 David Mugo <raidarmax@gmail.com>
I meant Micro SD
On Thu, Jul 2, 2009 at 10:47 PM, David Mugo <raidarmax@gmail.com> wrote:
This is actually on my mini SD for my phone.
David.
On Thu, Jul 2, 2009 at 10:45 PM, Mr. Lawi <mail2lawi@gmail.com> wrote:
@David I have worked with one such and if it is the one on ur machine then this wil help: Tafuta file called winweb.exe in windows\system32. It loads 2 dll files on boot - iconhandle.dll and webad.dll in sys32 folder. U cant remove this while explorer is running. Start task manager, go to processes, right click on explorer and end all processes. Only the task manager will be left running. On taskmgr, start new prog, cmd, then in cmd, go to sys32 and remove those 3 files: winweb.exe, webad.dll and iconhandle.dll. I usually rename for safety' sake. Reboot ur machine n u r good to go.
On 7/3/09, David Mugo <raidarmax@gmail.com> wrote:
Thanks...solution to this? Anyway, I will give it more time and if i get a solution I will share...
David.
On Thu, Jul 2, 2009 at 10:32 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:
David, Disclaimer: The set of instructions mostly work for flash disks. They might work
on
hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
that applies for your case. A service keeps recreating the virus.
try the instructions in safe mode.
If all fails, do a re-install with an immediate antivirus installation, complete with updates.
Plese note that some viruses disable your anitivirus from updating incase you are using old updates that don't detect them .
Mcafee claims that the "program rejected the updates"
in such a case, uninstall->install->update immediately. 2009/7/3 David Mugo <raidarmax@gmail.com>
Hey,
Mine recreates as soon as i delete, any advise?
David.
On Thu, Jul 2, 2009 at 9:52 PM, nyarotho kennedy <kenyarotho@gmail.com>wrote:
> You are better than Mortein Doom! Even Louie the pest would cringe
at
> your sighting! Thanx 4 the tutorial, it goes a long way! > > On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote: > > Hi Guys, > > > > I thought I should post something about removing viruses: > > Step 1: Run the virus scan on the flash drive. > > If you dont have an av or feel that it missed something, proceed to > step 2 > > > > Step 2: The rest > > > > There is this virus family that hides all folders in a flash and > creates new > > files with the original folder name and appending a .exe. So if you > > had > a > > folder called Docs, u will see Docs.exe. If you have not enabled > display of > > file extensions, the .exe part will not be seen. So all you will see > > is > > Docs. You double click it thinking its your folder, and that executes > the > > virus. > > > > This is what I do: > > > > I DO NOT double click on a flash drive directly in My Computer - > (actually > > that's what I do not do) > > After ascertaining the drive letter (lets say its G:), go to Start -> > Run -> > > cmd > > > > C:\Documents and Settings\etc>G: > > Move to the root of the flash > > G:\> > > Type dir /a > > This shows all the folders (like ls -a in Linux) including hidden ones > > > > If you do see autorun.inf you can check what file it activates by > typing > > G:\>more autorun.if > > (There is more in windows, yey! No less, though :)) > > From the output you can see the file/virus being called by the > autorun.inf. > > Autorun.inf gets executed when u double click on the drive letter on > > my > > computer. > > > > Remove the autorun.inf > > G:\>attrib -h -r -s autorun.inf > > This removes s(ystem), r(ead only) and h(idden) attributes. > > On Linux/cygwin, u can do chmod 777 autorun.inf > > G:\>del autorun.inf > > > > Removing the 'fake' .exe folders > > dir *.exe - This will list all .exes > > You can delete all of them by using del *.exe. However, deleting one > > by > one > > is recommended since you might have a valid .exe file on your flash - > like > > firefox_3.05.exe > > > > G:\>del Docs.exe > > Access Denied > > If u get the Access Denied error, its most probably of file attributes > - > > sometimes the virus sets them as system files or read only > > > > This command resets all the attributes > > G:\>attrib -h -r -s Docs.exe > > del Docs.exe should now work > > > > Do the same for all .exes > > Again, if using cygwin (or if removing from linux), chmod 777, then rm > -i > > *.exe should do. > > > > Next Step: Displaying hidden folders > > The folders in the flash were set to attrib s by the virus hence > > making > them > > hidden from normal view. > > To see them, do a dir /a. A better way is to a dir /a:s This will show > all > > files with attribute s(ystem) > > Again, do a reset of attributes for all folders: > > > > G:\>attrib -s -h -r <foldername> > > Guys running cygwin can do this using the chmod 777 -R <foldername> > > > > Summary: > > G:\>dir /a > > G:\>more autorun.if > > G:\>attrib -h -r -s autorun.inf > > G:\>del autorun.inf > > G:\>attrib -h -r -s <filename>.exe > > G:\>del <filename>.exe > > G:\>dir /a:s > > G:\>attrib -s -h -r <foldername> > > > > There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc > > folders: Going into these will make an already long mail too long. > > Feel > free > > to explore there and search and delete virus files. Do not delete the > > RECYCLER folder > > > > Disclaimer: > > The set of instructions mostly work for flash disks. They might work > > on > hdds > > as well but if a virus is already on a hdd then most probably there is > a > > service/daemon/dll that is running in memory regenerating the virus > files. > > Thats what anti-viruses are for. But they can be removed - manually. > > > > It covers only a very small sub-set of viruses/trojans/worms - they > mean the > > same to me:( so an antivirus is still the better option. > > > > > -- > People should know when they are conquered. > _______________________________________________ > Skunkworks mailing list > Skunkworks@lists.my.co.ke > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > Other services @ http://my.co.ke > Other lists > ------------- > Skunkworks announce: > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce > Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science > kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general >
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
Just remembered something, you can use prefetch on xp to see which progs hav been executed. If u see a suspicious file, just google it. To access prefetch, type prefetch on start->run. Not sure about vista On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote:
@David I have worked with one such and if it is the one on ur machine then this wil help: Tafuta file called winweb.exe in windows\system32. It loads 2 dll files on boot - iconhandle.dll and webad.dll in sys32 folder. U cant remove this while explorer is running. Start task manager, go to processes, right click on explorer and end all processes. Only the task manager will be left running. On taskmgr, start new prog, cmd, then in cmd, go to sys32 and remove those 3 files: winweb.exe, webad.dll and iconhandle.dll. I usually rename for safety' sake. Reboot ur machine n u r good to go.
On 7/3/09, David Mugo <raidarmax@gmail.com> wrote:
Thanks...solution to this? Anyway, I will give it more time and if i get a solution I will share...
David.
On Thu, Jul 2, 2009 at 10:32 PM, Dennis Kioko <dmbuvi@gmail.com> wrote:
David, Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
that applies for your case. A service keeps recreating the virus.
try the instructions in safe mode.
If all fails, do a re-install with an immediate antivirus installation, complete with updates.
Plese note that some viruses disable your anitivirus from updating incase you are using old updates that don't detect them .
Mcafee claims that the "program rejected the updates"
in such a case, uninstall->install->update immediately. 2009/7/3 David Mugo <raidarmax@gmail.com>
Hey,
Mine recreates as soon as i delete, any advise?
David.
On Thu, Jul 2, 2009 at 9:52 PM, nyarotho kennedy <kenyarotho@gmail.com>wrote:
You are better than Mortein Doom! Even Louie the pest would cringe at your sighting! Thanx 4 the tutorial, it goes a long way!
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes
On 7/3/09, Mr. Lawi <mail2lawi@gmail.com> wrote: -
sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
-- People should know when they are conquered. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Got any life problems? visit www.dearkenya.com
On Fri, Jul 3, 2009 at 7:27 AM, Mr. Lawi <mail2lawi@gmail.com> wrote:
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes - sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
@Mr Lawi, Very good information this is, but quite time consuming. Imagine you were doing this as a commercial venture. It will take you so much time. The way I do it? Simply get Hiren's Ultimate Boot CD (UBCD), boot off it, and you have a Windows running off a memory disk which won't get infected anyway. Open the flash disk, goto Tools->Folder Options->View, show hidden files and folders->Ok. You have all the files showing right on your face. Select all, deselect the ones you don't want to delete (eg the Firefox Setup 3.0.11.exe, etc) and shift+delete the files/folders. Delete autorun.inf and any other funny named command files the virus had created and voila! Reboot/Eject UBCD and ask for the next virus victimé:-) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
The best way to beat these nasty autorun Viruses is to prevent them from infecting your PC. Most of them also change the registry so that they get executed every time you start your computer, so that's why sometimes you can see the culprit .exe file but you just can't delete it. You should start you computer in Safe Mode, edit the registry and under Windows/CurrentVersion/Run, check for suspicios entries with .exe files. Then remove them. And delete the files they point to. But the best and sure way is use an AntiVirus like McAfee you set to maximum protection and it prevents registry changes, creation of remote autorun file (the kind these viruses create) and this will make sure you computer is virus free. 2009/7/3 Odhiambo ワシントン <odhiambo@gmail.com>
On Fri, Jul 3, 2009 at 7:27 AM, Mr. Lawi <mail2lawi@gmail.com> wrote:
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes - sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
@Mr Lawi,
Very good information this is, but quite time consuming. Imagine you were doing this as a commercial venture. It will take you so much time. The way I do it? Simply get Hiren's Ultimate Boot CD (UBCD), boot off it, and you have a Windows running off a memory disk which won't get infected anyway. Open the flash disk, goto Tools->Folder Options->View, show hidden files and folders->Ok. You have all the files showing right on your face. Select all, deselect the ones you don't want to delete (eg the Firefox Setup 3.0.11.exe, etc) and shift+delete the files/folders. Delete autorun.inf and any other funny named command files the virus had created and voila! Reboot/Eject UBCD and ask for the next virus victimé:-)
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
An additional suggestion for your uninfected flash disk is to create a folder called "autorun.inf". That way even if you stick it into an infected PC the virus will be unable to create an autorun file. Kind regards, -- Dr. Thomas Odeny ________________________________ From: Philip Musyoki <pmusyoki@gmail.com> To: Skunkworks forum <skunkworks@lists.my.co.ke> Sent: Friday, July 3, 2009 9:36:08 AM Subject: Re: [Skunkworks] Removing Viruses on flash The best way to beat these nasty autorun Viruses is to prevent them from infecting your PC. Most of them also change the registry so that they get executed every time you start your computer, so that's why sometimes you can see the culprit .exe file but you just can't delete it. You should start you computer in Safe Mode, edit the registry and under Windows/CurrentVersion/Run, check for suspicios entries with .exe files. Then remove them. And delete the files they point to. But the best and sure way is use an AntiVirus like McAfee you set to maximum protection and it prevents registry changes, creation of remote autorun file (the kind these viruses create) and this will make sure you computer is virus free. 2009/7/3 Odhiambo ワシントン <odhiambo@gmail.com>
On Fri, Jul 3, 2009 at 7:27 AM, Mr. Lawi <mail2lawi@gmail.com> wrote:
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing
G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders
dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe
Access Denied If u get the Access Denied error, its most probably of file attributes - sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe
del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view.
To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s
G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
@Mr Lawi,
Very good information this is, but quite time consuming. Imagine you were doing this as a commercial venture. It will take you so much time. The way I do it? Simply get Hiren's Ultimate Boot CD (UBCD), boot off it, and you have a Windows running off a memory disk which won't get infected anyway. Open the flash disk, goto Tools->Folder Options->View, show hidden files and folders->Ok.
You have all the files showing right on your face. Select all, deselect the ones you don't want to delete (eg the Firefox Setup 3.0.11.exe, etc) and shift+delete the files/folders. Delete autorun.inf and any other funny named command files the virus had created and voila! Reboot/Eject UBCD and ask for the next virus victimé:-)
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!."
-- Lucky Dube
_______________________________________________
Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
On Fri, Jul 3, 2009 at 10:54 AM, Thomas Odeny <taodeny@yahoo.com> wrote:
An additional suggestion for your uninfected flash disk is to create a folder called "autorun.inf". That way even if you stick it into an infected PC the virus will be unable to create an autorun file.
I love this one. Fighting fire with fire, literally:) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
@Wash I hear u. I'll get that cd. Just to add to ur info, to make system files visible, in tools-> folder options, uncheck 'Hide protected os files'. On 7/3/09, Odhiambo ワシントン <odhiambo@gmail.com> wrote:
On Fri, Jul 3, 2009 at 7:27 AM, Mr. Lawi <mail2lawi@gmail.com> wrote:
Hi Guys,
I thought I should post something about removing viruses: Step 1: Run the virus scan on the flash drive. If you dont have an av or feel that it missed something, proceed to step 2
Step 2: The rest
There is this virus family that hides all folders in a flash and creates new files with the original folder name and appending a .exe. So if you had a folder called Docs, u will see Docs.exe. If you have not enabled display of file extensions, the .exe part will not be seen. So all you will see is Docs. You double click it thinking its your folder, and that executes the virus.
This is what I do:
I DO NOT double click on a flash drive directly in My Computer - (actually that's what I do not do) After ascertaining the drive letter (lets say its G:), go to Start -> Run -> cmd
C:\Documents and Settings\etc>G: Move to the root of the flash G:\> Type dir /a This shows all the folders (like ls -a in Linux) including hidden ones
If you do see autorun.inf you can check what file it activates by typing G:\>more autorun.if (There is more in windows, yey! No less, though :)) From the output you can see the file/virus being called by the autorun.inf. Autorun.inf gets executed when u double click on the drive letter on my computer.
Remove the autorun.inf G:\>attrib -h -r -s autorun.inf This removes s(ystem), r(ead only) and h(idden) attributes. On Linux/cygwin, u can do chmod 777 autorun.inf G:\>del autorun.inf
Removing the 'fake' .exe folders dir *.exe - This will list all .exes You can delete all of them by using del *.exe. However, deleting one by one is recommended since you might have a valid .exe file on your flash - like firefox_3.05.exe
G:\>del Docs.exe Access Denied If u get the Access Denied error, its most probably of file attributes - sometimes the virus sets them as system files or read only
This command resets all the attributes G:\>attrib -h -r -s Docs.exe del Docs.exe should now work
Do the same for all .exes Again, if using cygwin (or if removing from linux), chmod 777, then rm -i *.exe should do.
Next Step: Displaying hidden folders The folders in the flash were set to attrib s by the virus hence making them hidden from normal view. To see them, do a dir /a. A better way is to a dir /a:s This will show all files with attribute s(ystem) Again, do a reset of attributes for all folders:
G:\>attrib -s -h -r <foldername> Guys running cygwin can do this using the chmod 777 -R <foldername>
Summary: G:\>dir /a G:\>more autorun.if G:\>attrib -h -r -s autorun.inf G:\>del autorun.inf G:\>attrib -h -r -s <filename>.exe G:\>del <filename>.exe G:\>dir /a:s G:\>attrib -s -h -r <foldername>
There are other stuff to consider like SYSTEM, RECYCLER, RECYCLED,etc folders: Going into these will make an already long mail too long. Feel free to explore there and search and delete virus files. Do not delete the RECYCLER folder
Disclaimer: The set of instructions mostly work for flash disks. They might work on hdds as well but if a virus is already on a hdd then most probably there is a service/daemon/dll that is running in memory regenerating the virus files. Thats what anti-viruses are for. But they can be removed - manually.
It covers only a very small sub-set of viruses/trojans/worms - they mean the same to me:( so an antivirus is still the better option.
@Mr Lawi,
Very good information this is, but quite time consuming. Imagine you were doing this as a commercial venture. It will take you so much time. The way I do it? Simply get Hiren's Ultimate Boot CD (UBCD), boot off it, and you have a Windows running off a memory disk which won't get infected anyway. Open the flash disk, goto Tools->Folder Options->View, show hidden files and folders->Ok. You have all the files showing right on your face. Select all, deselect the ones you don't want to delete (eg the Firefox Setup 3.0.11.exe, etc) and shift+delete the files/folders. Delete autorun.inf and any other funny named command files the virus had created and voila! Reboot/Eject UBCD and ask for the next virus victimé:-)
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry; http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files.... -- I know everything, what I don't know I just haven't googled yet. Edwin Wambua Tel No:+254721995519
On Fri, Jul 3, 2009 at 10:44 AM, Edwin Wambua <eddwak@gmail.com> wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
Even easier, download and run ComboFix.exe and you are done. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
Hi Guys Ok I get it all you guys are windows guys, don''t worry I was there before I realized what the Matrix was. Nway lets start: A virus cannot recreate itself once deleted it only means u deleted the recreated virus/file you gotta clean all. Mostly as indicated above, on systems by Bill Gates these files/viruses hide in C:/Windows/System32. If you follow the steps outlined above you can see them i.e. make sure hidden files are visible and also file extensions. Another way to locate these 'viruses/files' is to use msconfig command, that brings up a config screen which your main interest should be the "startup" tab. Go thru the programs listed there and you may see your culplits e.g sasha.vbs including the path. Here you have a choice of stopping thing u dont want to run at startup, for files you would like to delete you have to disable them from starting at startup then restart your machine. Now you should be able to delete these files. There are many more tweaks including SAFE MODE but the best is going the TUX way ie linux. Hehe hope that helps. Cheers. Themburu On 7/3/09, Odhiambo ワシントン <odhiambo@gmail.com> wrote:
On Fri, Jul 3, 2009 at 10:44 AM, Edwin Wambua <eddwak@gmail.com> wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
Even easier, download and run ComboFix.exe and you are done.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
Now George Njoroge, you forgot that we Linux users have to maintain Windows machines and remove viruses in machines where users don't bother doing back -ups. 2009/7/3 George Njoroge <themburu@gmail.com>
Hi Guys
Ok I get it all you guys are windows guys, don''t worry I was there before I realized what the Matrix was. Nway lets start: A virus cannot recreate itself once deleted it only means u deleted the recreated virus/file you gotta clean all. Mostly as indicated above, on systems by Bill Gates these files/viruses hide in C:/Windows/System32. If you follow the steps outlined above you can see them i.e. make sure hidden files are visible and also file extensions. Another way to locate these 'viruses/files' is to use msconfig command, that brings up a config screen which your main interest should be the "startup" tab. Go thru the programs listed there and you may see your culplits e.g sasha.vbs including the path. Here you have a choice of stopping thing u dont want to run at startup, for files you would like to delete you have to disable them from starting at startup then restart your machine. Now you should be able to delete these files. There are many more tweaks including SAFE MODE but the best is going the TUX way ie linux.
Hehe hope that helps. Cheers.
Themburu
On 7/3/09, Odhiambo ワシントン <odhiambo@gmail.com> wrote:
On Fri, Jul 3, 2009 at 10:44 AM, Edwin Wambua <eddwak@gmail.com> wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
Even easier, download and run ComboFix.exe and you are done.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
Would be interesting to see if some of you become better at Securing Windows after going through http://blogs.msdn.com/ntdebugging/pages/exam-preparation-information-for-exa... .....It’s the most secure distribution version of Windows XP ever produced by Microsoft: More than 600 settings are locked down tight, and critical security patches can be installed in an average of 72 hours instead of 57 days. The only problem is, you have to join the Air Force to get it. http://www.wired.com/threatlevel/2009/04/air-force-windows/ 2009/7/3 Dennis Kioko <dmbuvi@gmail.com>
Now George Njoroge, you forgot that we Linux users have to maintain Windows machines and remove viruses in machines where users don't bother doing back -ups.
2009/7/3 George Njoroge <themburu@gmail.com>
Hi Guys
Ok I get it all you guys are windows guys, don''t worry I was there before I realized what the Matrix was. Nway lets start: A virus cannot recreate itself once deleted it only means u deleted the recreated virus/file you gotta clean all. Mostly as indicated above, on systems by Bill Gates these files/viruses hide in C:/Windows/System32. If you follow the steps outlined above you can see them i.e. make sure hidden files are visible and also file extensions. Another way to locate these 'viruses/files' is to use msconfig command, that brings up a config screen which your main interest should be the "startup" tab. Go thru the programs listed there and you may see your culplits e.g sasha.vbs including the path. Here you have a choice of stopping thing u dont want to run at startup, for files you would like to delete you have to disable them from starting at startup then restart your machine. Now you should be able to delete these files. There are many more tweaks including SAFE MODE but the best is going the TUX way ie linux.
Hehe hope that helps. Cheers.
Themburu
On 7/3/09, Odhiambo ワシントン <odhiambo@gmail.com> wrote:
On Fri, Jul 3, 2009 at 10:44 AM, Edwin Wambua <eddwak@gmail.com> wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
Even easier, download and run ComboFix.exe and you are done.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
So I was going through the reviews on the Wired and when checking out the Lenovo ThinkPad X300, I found this comment below. People are so naive. Jesus? 10 USD for a laptop? "*Posted by: mirfan* *149 days ago1 Point* *Some one told me that India is making a laptop which would cost only $10, is it really true? How can some one make such a cheap laptop when Windows basic version costs around $99?"* 2009/7/3 Murigi Muraya <mmskunkworks@gmail.com>
Would be interesting to see if some of you become better at Securing Windows after going through http://blogs.msdn.com/ntdebugging/pages/exam-preparation-information-for-exa...
.....It’s the most secure distribution version of Windows XP ever produced by Microsoft: More than 600 settings are locked down tight, and critical security patches can be installed in an average of 72 hours instead of 57 days. The only problem is, you have to join the Air Force to get it.
http://www.wired.com/threatlevel/2009/04/air-force-windows/
2009/7/3 Dennis Kioko <dmbuvi@gmail.com>
Now George Njoroge, you forgot that we Linux users have to maintain Windows machines and remove viruses in machines where users don't bother doing back -ups.
2009/7/3 George Njoroge <themburu@gmail.com>
Hi Guys
Ok I get it all you guys are windows guys, don''t worry I was there before I realized what the Matrix was. Nway lets start: A virus cannot recreate itself once deleted it only means u deleted the recreated virus/file you gotta clean all. Mostly as indicated above, on systems by Bill Gates these files/viruses hide in C:/Windows/System32. If you follow the steps outlined above you can see them i.e. make sure hidden files are visible and also file extensions. Another way to locate these 'viruses/files' is to use msconfig command, that brings up a config screen which your main interest should be the "startup" tab. Go thru the programs listed there and you may see your culplits e.g sasha.vbs including the path. Here you have a choice of stopping thing u dont want to run at startup, for files you would like to delete you have to disable them from starting at startup then restart your machine. Now you should be able to delete these files. There are many more tweaks including SAFE MODE but the best is going the TUX way ie linux.
Hehe hope that helps. Cheers.
Themburu
On 7/3/09, Odhiambo ワシントン <odhiambo@gmail.com> wrote:
On Fri, Jul 3, 2009 at 10:44 AM, Edwin Wambua <eddwak@gmail.com> wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
Even easier, download and run ComboFix.exe and you are done.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
And some of them disable regedit Edwin Wambua wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
-- I know everything, what I don't know I just haven't googled yet.
Edwin Wambua
Tel No:+254721995519 ------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Hey Kioko Dennis, I at one time did not forget, thats why I offered the contribution in the most brief way possible plus as the IT guy you should provide alternative solutions other than the existing ones which are failing. @All Cheerz themburu On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote:
And some of them disable regedit
Edwin Wambua wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
-- I know everything, what I don't know I just haven't googled yet.
Edwin Wambua
Tel No:+254721995519 ------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
Thats tru bro, I official stop supporting anything windows as from 2002 when xp was dropped. Find Alternatives Dennis. On 7/3/09, George Njoroge <themburu@gmail.com> wrote:
Hey Kioko Dennis,
I at one time did not forget, thats why I offered the contribution in the most brief way possible plus as the IT guy you should provide alternative solutions other than the existing ones which are failing.
@All Cheerz themburu
On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote:
And some of them disable regedit
Edwin Wambua wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
-- I know everything, what I don't know I just haven't googled yet.
Edwin Wambua
Tel No:+254721995519 ------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com {FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/
you guys dont know what it is to be in ICT support. It is the one place where no one like picking calls. Most of the problems are at layer 8 of the OSI Network model, the user. some of the problems i have solved in the recent past include: - unplug a network cable from a desktop to a laptop - find out why a printer was not printing, whose user decided the printer cable ws the best place to hang her purse - Design a document in powerpoint(User doesn't have an idea how to) Worst of all, the users always know what is wrong with their computers, and tell you what you should fix(why did they call in the first place). the best solution so far, is to give limited accounts and set strict antivirus settings as someone pointed out. Otherwise, the user should be educated before they are emplyed. 2009/7/3 chuks Jonia <chuksjonia@gmail.com>
Thats tru bro, I official stop supporting anything windows as from 2002 when xp was dropped. Find Alternatives Dennis.
On 7/3/09, George Njoroge <themburu@gmail.com> wrote:
Hey Kioko Dennis,
I at one time did not forget, thats why I offered the contribution in the most brief way possible plus as the IT guy you should provide alternative solutions other than the existing ones which are failing.
@All Cheerz themburu
On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote:
And some of them disable regedit
Edwin Wambua wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
-- I know everything, what I don't know I just haven't googled yet.
Edwin Wambua
Tel No:+254721995519
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
Dennis, You've made my day. I remember in the 90's when we used to support SCB - Country wide. Drive from Kisumu to Eldoret to find a keboard is unplugged !!!! OMG Mileage and 10k per call ....you guys should be paid handsomely but I coudn't take it no more!!! On Fri, Jul 3, 2009 at 3:58 PM, Dennis Kioko<dmbuvi@gmail.com> wrote:
you guys dont know what it is to be in ICT support. It is the one place where no one like picking calls. Most of the problems are at layer 8 of the OSI Network model, the user. some of the problems i have solved in the recent past include:
unplug a network cable from a desktop to a laptop find out why a printer was not printing, whose user decided the printer cable ws the best place to hang her purse Design a document in powerpoint(User doesn't have an idea how to)
Worst of all, the users always know what is wrong with their computers, and tell you what you should fix(why did they call in the first place).
the best solution so far, is to give limited accounts and set strict antivirus settings as someone pointed out.
Otherwise, the user should be educated before they are emplyed. 2009/7/3 chuks Jonia <chuksjonia@gmail.com>
Thats tru bro, I official stop supporting anything windows as from 2002 when xp was dropped. Find Alternatives Dennis.
On 7/3/09, George Njoroge <themburu@gmail.com> wrote:
Hey Kioko Dennis,
I at one time did not forget, thats why I offered the contribution in the most brief way possible plus as the IT guy you should provide alternative solutions other than the existing ones which are failing.
@All Cheerz themburu
On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote:
And some of them disable regedit
Edwin Wambua wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
-- I know everything, what I don't know I just haven't googled yet.
Edwin Wambua
Tel No:+254721995519
------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Regards, Alvin Ochieng - Corporate Account Manager GREENLINE TECHNOLOGY LIMITED| IT solutions Odyssey Plaza 2nd Floor| Mukoma Road | Box 61895-00200 Nairobi. |+254.20. 651755 / 552086 Fax +254.20-559841. **Wireless - 020-2405225 / 020 - 2429734 ** CellPhone – 0722-219938 / 0733610758 Help save paper - do you need to print this email?
Oooh Men, Kioko you have made my evening. I think we should start a thread on that since it was very hilarious. Cheerz Themburu On 7/3/09, Alvin Jason Ochieng <ajochola@gmail.com> wrote:
Dennis,
You've made my day. I remember in the 90's when we used to support SCB - Country wide.
Drive from Kisumu to Eldoret to find a keboard is unplugged !!!! OMG
Mileage and 10k per call ....you guys should be paid handsomely but I coudn't take it no more!!!
On Fri, Jul 3, 2009 at 3:58 PM, Dennis Kioko<dmbuvi@gmail.com> wrote:
you guys dont know what it is to be in ICT support. It is the one place where no one like picking calls. Most of the problems are at layer 8 of the OSI Network model, the user. some of the problems i have solved in the recent past include:
unplug a network cable from a desktop to a laptop find out why a printer was not printing, whose user decided the printer cable ws the best place to hang her purse Design a document in powerpoint(User doesn't have an idea how to)
Worst of all, the users always know what is wrong with their computers, and tell you what you should fix(why did they call in the first place).
the best solution so far, is to give limited accounts and set strict antivirus settings as someone pointed out.
Otherwise, the user should be educated before they are emplyed. 2009/7/3 chuks Jonia <chuksjonia@gmail.com>
Thats tru bro, I official stop supporting anything windows as from 2002 when xp was dropped. Find Alternatives Dennis.
On 7/3/09, George Njoroge <themburu@gmail.com> wrote:
Hey Kioko Dennis,
I at one time did not forget, thats why I offered the contribution in the most brief way possible plus as the IT guy you should provide alternative solutions other than the existing ones which are failing.
@All Cheerz themburu
On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote:
And some of them disable regedit
Edwin Wambua wrote:
@Lawi, that wont always work since some viruses change registry settings to ensure you can't display hidden folders. You can make the changes suggested below to the registry;
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
-- I know everything, what I don't know I just haven't googled yet.
Edwin Wambua
Tel No:+254721995519
------------------------------------------------------------------------
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
Regards, Alvin Ochieng - Corporate Account Manager GREENLINE TECHNOLOGY LIMITED| IT solutions Odyssey Plaza 2nd Floor| Mukoma Road | Box 61895-00200 Nairobi. |+254.20. 651755 / 552086 Fax +254.20-559841. **Wireless - 020-2405225 / 020 - 2429734 ** CellPhone – 0722-219938 / 0733610758 Help save paper - do you need to print this email? _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Conservatism is the adherence to the old tried against the new untried.
Dennis you wouldn't believe this, it has gotten to a point where i just renamed the guest account and set it to auto-login, put up appropriate printing perms, disabled auto play for removable devices ..... but you still find that after a week these guys somehow manage to mess it up. I'm starting to think of thin clients veeeery seriously. On 07/03/2009, George Njoroge <themburu@gmail.com> wrote:
Oooh Men,
Kioko you have made my evening. I think we should start a thread on that since it was very hilarious.
Cheerz Themburu
On 7/3/09, Alvin Jason Ochieng <ajochola@gmail.com> wrote:
Dennis,
You've made my day. I remember in the 90's when we used to support SCB - Country wide.
Drive from Kisumu to Eldoret to find a keboard is unplugged !!!! OMG
Mileage and 10k per call ....you guys should be paid handsomely but I coudn't take it no more!!!
On Fri, Jul 3, 2009 at 3:58 PM, Dennis Kioko<dmbuvi@gmail.com> wrote:
you guys dont know what it is to be in ICT support. It is the one place where no one like picking calls. Most of the problems are at layer 8 of the OSI Network model, the user. some of the problems i have solved in the recent past include:
unplug a network cable from a desktop to a laptop find out why a printer was not printing, whose user decided the printer cable ws the best place to hang her purse Design a document in powerpoint(User doesn't have an idea how to)
Worst of all, the users always know what is wrong with their computers, and tell you what you should fix(why did they call in the first place).
the best solution so far, is to give limited accounts and set strict antivirus settings as someone pointed out.
Otherwise, the user should be educated before they are emplyed. 2009/7/3 chuks Jonia <chuksjonia@gmail.com>
Thats tru bro, I official stop supporting anything windows as from 2002 when xp was dropped. Find Alternatives Dennis.
On 7/3/09, George Njoroge <themburu@gmail.com> wrote:
Hey Kioko Dennis,
I at one time did not forget, thats why I offered the contribution in the most brief way possible plus as the IT guy you should provide alternative solutions other than the existing ones which are failing.
@All Cheerz themburu
On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote:
And some of them disable regedit
Edwin Wambua wrote: > @Lawi, that wont always work since some viruses change registry > settings to ensure you can't display hidden folders. > You can make the changes suggested below to the registry; > > >
http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files....
> > -- > I know everything, what I don't know I just haven't googled yet. > > Edwin Wambua > > Tel No:+254721995519 > >
> > _______________________________________________ > Skunkworks mailing list > Skunkworks@lists.my.co.ke > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > Other services @ http://my.co.ke > Other lists > ------------- > Skunkworks announce: > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce > Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science > kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general >
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
Regards, Alvin Ochieng - Corporate Account Manager GREENLINE TECHNOLOGY LIMITED| IT solutions Odyssey Plaza 2nd Floor| Mukoma Road | Box 61895-00200 Nairobi. |+254.20. 651755 / 552086 Fax +254.20-559841. **Wireless - 020-2405225 / 020 - 2429734 ** CellPhone – 0722-219938 / 0733610758 Help save paper - do you need to print this email? _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Conservatism is the adherence to the old tried against the new untried.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Regards, Ndambuki Muthoka David Phne: +254733476463;+254722316140 Addr: 2084 - 01000 Thika, Kenya.
we weould have acode word for such "support issues" ...called them ID-10-T (read idiot) errors On Fri, Jul 3, 2009 at 5:28 PM, David Ndambuki <damundx@gmail.com> wrote:
Dennis you wouldn't believe this, it has gotten to a point where i just renamed the guest account and set it to auto-login, put up appropriate printing perms, disabled auto play for removable devices ..... but you still find that after a week these guys somehow manage to mess it up.
I'm starting to think of thin clients veeeery seriously.
On 07/03/2009, George Njoroge <themburu@gmail.com> wrote:
Oooh Men,
Kioko you have made my evening. I think we should start a thread on that since it was very hilarious.
Cheerz Themburu
On 7/3/09, Alvin Jason Ochieng <ajochola@gmail.com> wrote:
Dennis,
You've made my day. I remember in the 90's when we used to support SCB - Country wide.
Drive from Kisumu to Eldoret to find a keboard is unplugged !!!! OMG
Mileage and 10k per call ....you guys should be paid handsomely but I coudn't take it no more!!!
On Fri, Jul 3, 2009 at 3:58 PM, Dennis Kioko<dmbuvi@gmail.com> wrote:
you guys dont know what it is to be in ICT support. It is the one place where no one like picking calls. Most of the problems are at layer 8 of the OSI Network model, the user. some of the problems i have solved in the recent past include:
unplug a network cable from a desktop to a laptop find out why a printer was not printing, whose user decided the printer cable ws the best place to hang her purse Design a document in powerpoint(User doesn't have an idea how to)
Worst of all, the users always know what is wrong with their computers, and tell you what you should fix(why did they call in the first place).
the best solution so far, is to give limited accounts and set strict antivirus settings as someone pointed out.
Otherwise, the user should be educated before they are emplyed. 2009/7/3 chuks Jonia <chuksjonia@gmail.com>
Thats tru bro, I official stop supporting anything windows as from 2002 when xp was dropped. Find Alternatives Dennis.
On 7/3/09, George Njoroge <themburu@gmail.com> wrote:
Hey Kioko Dennis,
I at one time did not forget, thats why I offered the contribution
in
the most brief way possible plus as the IT guy you should provide alternative solutions other than the existing ones which are failing.
@All Cheerz themburu
On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote: > And some of them disable regedit > > Edwin Wambua wrote: >> @Lawi, that wont always work since some viruses change registry >> settings to ensure you can't display hidden folders. >> You can make the changes suggested below to the registry; >> >> >> http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files.... >> >> -- >> I know everything, what I don't know I just haven't googled yet. >> >> Edwin Wambua >> >> Tel No:+254721995519 >> >>
>> >> _______________________________________________ >> Skunkworks mailing list >> Skunkworks@lists.my.co.ke >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> Other services @ http://my.co.ke >> Other lists >> ------------- >> Skunkworks announce: >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce >> Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science >> kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general >> > > _______________________________________________ > Skunkworks mailing list > Skunkworks@lists.my.co.ke > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > Other services @ http://my.co.ke > Other lists > ------------- > Skunkworks announce: > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce > Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science > kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general > _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
Regards, Alvin Ochieng - Corporate Account Manager GREENLINE TECHNOLOGY LIMITED| IT solutions Odyssey Plaza 2nd Floor| Mukoma Road | Box 61895-00200 Nairobi. |+254.20. 651755 / 552086 Fax +254.20-559841. **Wireless - 020-2405225 / 020 - 2429734 ** CellPhone – 0722-219938 / 0733610758 Help save paper - do you need to print this email? _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Conservatism is the adherence to the old tried against the new untried.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Regards,
Ndambuki Muthoka David Phne: +254733476463;+254722316140 Addr: 2084 - 01000 Thika, Kenya. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
I second George and Kiti, lets start an "ID-10-T" where support guys can post the most ridiculous problems they solve. On 03/07/2009, Kiti Chigiri <kiti.chigiri@gmail.com> wrote:
we weould have acode word for such "support issues" ...called them ID-10-T (read idiot) errors
On Fri, Jul 3, 2009 at 5:28 PM, David Ndambuki <damundx@gmail.com> wrote:
Dennis you wouldn't believe this, it has gotten to a point where i just renamed the guest account and set it to auto-login, put up appropriate printing perms, disabled auto play for removable devices ..... but you still find that after a week these guys somehow manage to mess it up.
I'm starting to think of thin clients veeeery seriously.
On 07/03/2009, George Njoroge <themburu@gmail.com> wrote:
Oooh Men,
Kioko you have made my evening. I think we should start a thread on that since it was very hilarious.
Cheerz Themburu
On 7/3/09, Alvin Jason Ochieng <ajochola@gmail.com> wrote:
Dennis,
You've made my day. I remember in the 90's when we used to support SCB - Country wide.
Drive from Kisumu to Eldoret to find a keboard is unplugged !!!! OMG
Mileage and 10k per call ....you guys should be paid handsomely but I coudn't take it no more!!!
On Fri, Jul 3, 2009 at 3:58 PM, Dennis Kioko<dmbuvi@gmail.com> wrote:
you guys dont know what it is to be in ICT support. It is the one place where no one like picking calls. Most of the problems are at layer 8 of the OSI Network model, the user. some of the problems i have solved in the recent past include:
unplug a network cable from a desktop to a laptop find out why a printer was not printing, whose user decided the printer cable ws the best place to hang her purse Design a document in powerpoint(User doesn't have an idea how to)
Worst of all, the users always know what is wrong with their computers, and tell you what you should fix(why did they call in the first place).
the best solution so far, is to give limited accounts and set strict antivirus settings as someone pointed out.
Otherwise, the user should be educated before they are emplyed. 2009/7/3 chuks Jonia <chuksjonia@gmail.com>
Thats tru bro, I official stop supporting anything windows as from 2002 when xp was dropped. Find Alternatives Dennis.
On 7/3/09, George Njoroge <themburu@gmail.com> wrote: > Hey Kioko Dennis, > > I at one time did not forget, thats why I offered the contribution
in
> the most brief way possible plus as the IT guy you should provide > alternative solutions other than the existing ones which are failing. > > @All Cheerz > themburu > > > > On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote: >> And some of them disable regedit >> >> Edwin Wambua wrote: >>> @Lawi, that wont always work since some viruses change registry >>> settings to ensure you can't display hidden folders. >>> You can make the changes suggested below to the registry; >>> >>> >>> http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files.... >>> >>> -- >>> I know everything, what I don't know I just haven't googled yet. >>> >>> Edwin Wambua >>> >>> Tel No:+254721995519 >>> >>>
>>> >>> _______________________________________________ >>> Skunkworks mailing list >>> Skunkworks@lists.my.co.ke >>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >>> Other services @ http://my.co.ke >>> Other lists >>> ------------- >>> Skunkworks announce: >>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce >>> Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science >>> kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general >>> >> >> _______________________________________________ >> Skunkworks mailing list >> Skunkworks@lists.my.co.ke >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> Other services @ http://my.co.ke >> Other lists >> ------------- >> Skunkworks announce: >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce >> Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science >> kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general >> > _______________________________________________ > Skunkworks mailing list > Skunkworks@lists.my.co.ke > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > Other services @ http://my.co.ke > Other lists > ------------- > Skunkworks announce: > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce > Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science > kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general >
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester infosigmer@inbox.com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://nspkenya.blogspot.com/ http://chuksjonia.blogspot.com/ http://www.kamongo.co.ke/ _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
Regards, Alvin Ochieng - Corporate Account Manager GREENLINE TECHNOLOGY LIMITED| IT solutions Odyssey Plaza 2nd Floor| Mukoma Road | Box 61895-00200 Nairobi. |+254.20. 651755 / 552086 Fax +254.20-559841. **Wireless - 020-2405225 / 020 - 2429734 ** CellPhone – 0722-219938 / 0733610758 Help save paper - do you need to print this email? _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Conservatism is the adherence to the old tried against the new untried.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Regards,
Ndambuki Muthoka David Phne: +254733476463;+254722316140 Addr: 2084 - 01000 Thika, Kenya. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
There is also a sub-category - let's call it ID-10-TS. In this category are those cases where the support guys are at fault. Example: I have a machine in a data centre, which I access remotely via SSH (I won't say where (well, I may, if given copious quantities of the 'amber nectar')). One time, I couldn't connect, or ping the box. (/me calls 'support') Support Guy: "machine is not reponding, but our network is ok - even if we plug another machine, it works" Me: "Are any of the warning lights on?" Support: "No - just the 'power' led" Hmmmm.... (/me drives to the data centre) On arrival, I find the machine is OFF!!! (the 'power' led was lit, because there was power to the box!!!) Tony 2009/7/3 Dennis Kioko <dmbuvi@gmail.com>:
I second George and Kiti, lets start an "ID-10-T" where support guys can post the most ridiculous problems they solve.
On 03/07/2009, Kiti Chigiri <kiti.chigiri@gmail.com> wrote:
we weould have acode word for such "support issues" ...called them ID-10-T (read idiot) errors
On Fri, Jul 3, 2009 at 5:28 PM, David Ndambuki <damundx@gmail.com> wrote:
Dennis you wouldn't believe this, it has gotten to a point where i just renamed the guest account and set it to auto-login, put up appropriate printing perms, disabled auto play for removable devices ..... but you still find that after a week these guys somehow manage to mess it up.
I'm starting to think of thin clients veeeery seriously.
On 07/03/2009, George Njoroge <themburu@gmail.com> wrote:
Oooh Men,
Kioko you have made my evening. I think we should start a thread on that since it was very hilarious.
Cheerz Themburu
On 7/3/09, Alvin Jason Ochieng <ajochola@gmail.com> wrote:
Dennis,
You've made my day. I remember in the 90's when we used to support SCB - Country wide.
Drive from Kisumu to Eldoret to find a keboard is unplugged !!!! OMG
Mileage and 10k per call ....you guys should be paid handsomely but I coudn't take it no more!!!
On Fri, Jul 3, 2009 at 3:58 PM, Dennis Kioko<dmbuvi@gmail.com> wrote:
you guys dont know what it is to be in ICT support. It is the one place where no one like picking calls. Most of the problems are at layer 8 of the OSI Network model, the user. some of the problems i have solved in the recent past include:
unplug a network cable from a desktop to a laptop find out why a printer was not printing, whose user decided the printer cable ws the best place to hang her purse Design a document in powerpoint(User doesn't have an idea how to)
Worst of all, the users always know what is wrong with their computers, and tell you what you should fix(why did they call in the first place).
the best solution so far, is to give limited accounts and set strict antivirus settings as someone pointed out.
Otherwise, the user should be educated before they are emplyed. 2009/7/3 chuks Jonia <chuksjonia@gmail.com> > > Thats tru bro, I official stop supporting anything windows as from > 2002 when xp was dropped. Find Alternatives Dennis. > > On 7/3/09, George Njoroge <themburu@gmail.com> wrote: > > Hey Kioko Dennis, > > > > I at one time did not forget, thats why I offered the contribution in > > the most brief way possible plus as the IT guy you should provide > > alternative solutions other than the existing ones which are failing. > > > > @All Cheerz > > themburu > > > > > > > > On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote: > >> And some of them disable regedit > >> > >> Edwin Wambua wrote: > >>> @Lawi, that wont always work since some viruses change registry > >>> settings to ensure you can't display hidden folders. > >>> You can make the changes suggested below to the registry; > >>> > >>> > >>> http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files.... > >>> > >>> -- > >>> I know everything, what I don't know I just haven't googled yet. > >>> > >>> Edwin Wambua > >>> > >>> Tel No:+254721995519 > >>> > >>>
> >>> > >>> _______________________________________________ > >>> Skunkworks mailing list > >>> Skunkworks@lists.my.co.ke > >>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > >>> Other services @ http://my.co.ke > >>> Other lists > >>> ------------- > >>> Skunkworks announce: > >>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce > >>> Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science > >>> kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general > >>> > >> > >> _______________________________________________ > >> Skunkworks mailing list > >> Skunkworks@lists.my.co.ke > >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > >> Other services @ http://my.co.ke > >> Other lists > >> ------------- > >> Skunkworks announce: > >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce > >> Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science > >> kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general > >> > > _______________________________________________ > > Skunkworks mailing list > > Skunkworks@lists.my.co.ke > > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > > Other services @ http://my.co.ke > > Other lists > > ------------- > > Skunkworks announce: > > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce > > Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science > > kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general > > > > > -- > -- > Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P > I.T Security Analyst and Penetration Tester > infosigmer@inbox.com > > {FORUM}http://lists.my.co.ke/pipermail/security/ > http://nspkenya.blogspot.com/ > http://chuksjonia.blogspot.com/ > http://www.kamongo.co.ke/ > _______________________________________________ > Skunkworks mailing list > Skunkworks@lists.my.co.ke > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > Other services @ http://my.co.ke > Other lists > ------------- > Skunkworks announce: > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce > Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science > kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
Regards, Alvin Ochieng - Corporate Account Manager GREENLINE TECHNOLOGY LIMITED| IT solutions Odyssey Plaza 2nd Floor| Mukoma Road | Box 61895-00200 Nairobi. |+254.20. 651755 / 552086 Fax +254.20-559841. **Wireless - 020-2405225 / 020 - 2429734 ** CellPhone – 0722-219938 / 0733610758 Help save paper - do you need to print this email? _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Conservatism is the adherence to the old tried against the new untried.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Regards,
Ndambuki Muthoka David Phne: +254733476463;+254722316140 Addr: 2084 - 01000 Thika, Kenya. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Tony White
LOL, thats quite funny. On 03/07/2009, Tony White <tony.mzungu@gmail.com> wrote:
There is also a sub-category - let's call it ID-10-TS. In this category are those cases where the support guys are at fault. Example:
I have a machine in a data centre, which I access remotely via SSH (I won't say where (well, I may, if given copious quantities of the 'amber nectar')). One time, I couldn't connect, or ping the box. (/me calls 'support') Support Guy: "machine is not reponding, but our network is ok - even if we plug another machine, it works" Me: "Are any of the warning lights on?" Support: "No - just the 'power' led" Hmmmm.... (/me drives to the data centre) On arrival, I find the machine is OFF!!! (the 'power' led was lit, because there was power to the box!!!)
Tony
2009/7/3 Dennis Kioko <dmbuvi@gmail.com>:
I second George and Kiti, lets start an "ID-10-T" where support guys can post the most ridiculous problems they solve.
On 03/07/2009, Kiti Chigiri <kiti.chigiri@gmail.com> wrote:
we weould have acode word for such "support issues" ...called them ID-10-T (read idiot) errors
On Fri, Jul 3, 2009 at 5:28 PM, David Ndambuki <damundx@gmail.com> wrote:
Dennis you wouldn't believe this, it has gotten to a point where i just renamed the guest account and set it to auto-login, put up appropriate printing perms, disabled auto play for removable devices ..... but you still find that after a week these guys somehow manage to mess it up.
I'm starting to think of thin clients veeeery seriously.
On 07/03/2009, George Njoroge <themburu@gmail.com> wrote:
Oooh Men,
Kioko you have made my evening. I think we should start a thread on that since it was very hilarious.
Cheerz Themburu
On 7/3/09, Alvin Jason Ochieng <ajochola@gmail.com> wrote:
Dennis,
You've made my day. I remember in the 90's when we used to support SCB - Country wide.
Drive from Kisumu to Eldoret to find a keboard is unplugged !!!! OMG
Mileage and 10k per call ....you guys should be paid handsomely but I coudn't take it no more!!!
On Fri, Jul 3, 2009 at 3:58 PM, Dennis Kioko<dmbuvi@gmail.com> wrote: > you guys dont know what it is to be in ICT support. It is the one > place > where no one like picking calls. Most of the problems are at layer 8 > of > the > OSI Network model, the user. some of the problems i have solved in > the > recent past include: > > unplug a network cable from a desktop to a laptop > find out why a printer was not printing, whose user decided the > printer > cable ws the best place to hang her purse > Design a document in powerpoint(User doesn't have an idea how to) > > Worst of all, the users always know what is wrong with their > computers, > and > tell you what you should fix(why did they call in the first place). > > the best solution so far, is to give limited accounts and set strict > antivirus settings as someone pointed out. > > Otherwise, the user should be educated before they are emplyed. > 2009/7/3 chuks Jonia <chuksjonia@gmail.com> >> >> Thats tru bro, I official stop supporting anything windows as from >> 2002 when xp was dropped. Find Alternatives Dennis. >> >> On 7/3/09, George Njoroge <themburu@gmail.com> wrote: >> > Hey Kioko Dennis, >> > >> > I at one time did not forget, thats why I offered the >> > contribution in >> > the most brief way possible plus as the IT guy you should provide >> > alternative solutions other than the existing ones which are failing. >> > >> > @All Cheerz >> > themburu >> > >> > >> > >> > On 7/3/09, liwindi joshua <liwindi81@gmail.com> wrote: >> >> And some of them disable regedit >> >> >> >> Edwin Wambua wrote: >> >>> @Lawi, that wont always work since some viruses change registry >> >>> settings to ensure you can't display hidden folders. >> >>> You can make the changes suggested below to the registry; >> >>> >> >>> >> >>> http://tuxvoid.blogspot.com/2009/04/cannot-display-hidden-folders-and-files.... >> >>> >> >>> -- >> >>> I know everything, what I don't know I just haven't googled >> >>> yet. >> >>> >> >>> Edwin Wambua >> >>> >> >>> Tel No:+254721995519 >> >>> >> >>>
>> >>> >> >>> _______________________________________________ >> >>> Skunkworks mailing list >> >>> Skunkworks@lists.my.co.ke >> >>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> >>> Other services @ http://my.co.ke >> >>> Other lists >> >>> ------------- >> >>> Skunkworks announce: >> >>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce >> >>> Science - >> >>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/science >> >>> kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general >> >>> >> >> >> >> _______________________________________________ >> >> Skunkworks mailing list >> >> Skunkworks@lists.my.co.ke >> >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> >> Other services @ http://my.co.ke >> >> Other lists >> >> ------------- >> >> Skunkworks announce: >> >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce >> >> Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science >> >> kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general >> >> >> > _______________________________________________ >> > Skunkworks mailing list >> > Skunkworks@lists.my.co.ke >> > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> > Other services @ http://my.co.ke >> > Other lists >> > ------------- >> > Skunkworks announce: >> > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce >> > Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science >> > kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general >> > >> >> >> -- >> -- >> Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P >> I.T Security Analyst and Penetration Tester >> infosigmer@inbox.com >> >> {FORUM}http://lists.my.co.ke/pipermail/security/ >> http://nspkenya.blogspot.com/ >> http://chuksjonia.blogspot.com/ >> http://www.kamongo.co.ke/ >> _______________________________________________ >> Skunkworks mailing list >> Skunkworks@lists.my.co.ke >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> Other services @ http://my.co.ke >> Other lists >> ------------- >> Skunkworks announce: >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce >> Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science >> kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general > > > > -- > with Regards: > Pornography and Technology: Buddies for Life? Find out at my blog: > http://gramware.blogspot.com > > > > _______________________________________________ > Skunkworks mailing list > Skunkworks@lists.my.co.ke > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > Other services @ http://my.co.ke > Other lists > ------------- > Skunkworks announce: > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce > Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science > kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general > >
--
Regards, Alvin Ochieng - Corporate Account Manager GREENLINE TECHNOLOGY LIMITED| IT solutions Odyssey Plaza 2nd Floor| Mukoma Road | Box 61895-00200 Nairobi. |+254.20. 651755 / 552086 Fax +254.20-559841. **Wireless - 020-2405225 / 020 - 2429734 ** CellPhone – 0722-219938 / 0733610758 Help save paper - do you need to print this email? _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Conservatism is the adherence to the old tried against the new untried.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Regards,
Ndambuki Muthoka David Phne: +254733476463;+254722316140 Addr: 2084 - 01000 Thika, Kenya. _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- Tony White _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
-- with Regards: Pornography and Technology: Buddies for Life? Find out at my blog: http://gramware.blogspot.com
@Odhiambo & Mr. Lawi ...... *The way I do it? Simply get Hiren's Ultimate Boot CD (UBCD), boot off it, and you have a Windows running off a memory disk which won't get infected anyway. Open the flash disk, goto Tools->Folder Options->View, show hidden files and folders->Ok. You have all the files showing right on your face. Select all, deselect the ones you don't want to delete (eg the Firefox Setup 3.0.11.exe, etc) and shift+delete the files/folders. Delete autorun.inf and any other funny named command files the virus had created and voila! Reboot/Eject UBCD and ask for the next virus victimé:-) ...... *Being a lazy chap, I achieve the same by using nero. I came to discover that some applications are actually made to "see" *. I simply go through the steps of making a new compilation, select the pesky files and kick them from within nero.
Sounds like a very old topic. Surprised that it has resurfaced since the pre-election virus wars btwn raila and kibaki viruses which neither won except probaly the wannabe antivirus software/antivirus removal experts that popped up overnight. The most relevant to this discussion being AVS FILE SCANNER 2007 by Edge Networks. (See download links of their software below). The software of course is no longer available / supported by the firm. Apparently they realized that AV software for home users was a pipe dream with the extent of piracy or "did the steam run out". Thing is did exatly what it was meant to do...Following was taken directly from their website at the time...somekind of analysis... "AVS 2007 instead detects patterns in file distribution within the system based on how a virus would infect the system (say what would a registry startup object be doing in your removable drive even worse several copies of the same file found in your removable drive). So basically what AVS 2007 does is to detect reliplication of files within the removable media usually the main source of spreading and also searches for suspicious registry entries and autorun hooks which may be used by viruses to launch themselves. once detected AVS 2007 updates its viral database ensuring that the virus will be detected and removed if found again." I have used AVS 2007 till now especially to restore folders that were hidden by viruses and to restore corrupted registry entries especially those that disable task manager or prevent you from seeing hidden files. Too bad the product was discontinued coz may be AVS 2009 with 2 years of development would have been one heck of an application. Download a copy below..still the trial version that was on their website. Hope im not violating any copyright laws. If you want to buy well too bad.
Download from Torrent ---- http://www.mininova.org/tor/2736849 Preview in action --- http://bayimg.com/jaCKiaaCa Download from Media Fire --- http://www.mediafire.com/?yvmxlycjttt
On 7/4/09, Tony Likhanga <tlikhanga@gmail.com> wrote:
@Odhiambo & Mr. Lawi ...... *The way I do it? Simply get Hiren's Ultimate Boot CD (UBCD), boot off it, and you have a Windows running off a memory disk which won't get infected anyway. Open the flash disk, goto Tools->Folder Options->View, show hidden files and folders->Ok. You have all the files showing right on your face. Select all, deselect the ones you don't want to delete (eg the Firefox Setup 3.0.11.exe, etc) and shift+delete the files/folders. Delete autorun.inf and any other funny named command files the virus had created and voila! Reboot/Eject UBCD and ask for the next virus victimé:-) ......
*Being a lazy chap, I achieve the same by using nero. I came to discover that some applications are actually made to "see" *. I simply go through the steps of making a new compilation, select the pesky files and kick them from within nero.
damn! the torrent link was broken...uploading the torrent file as an attachment
participants (19)
-
Alvin Jason Ochieng -
chuks Jonia -
David Mugo -
David Ndambuki -
Dennis Kioko -
Edwin Wambua -
George Njoroge -
Jacob Ayienda -
Kiti Chigiri -
liwindi joshua -
Mr. Lawi -
Murigi Muraya -
nyarotho kennedy -
Odhiambo ワシントン -
Philip Musyoki -
Steve Muchai -
Thomas Odeny -
Tony Likhanga -
Tony White