• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit, Lavasoft PC Optimizer, Lavasoft Driver Updater, Lavasoft Registry Tuner, Lavasoft Privacy Toolbox, Lavasoft File Shredder, Lavasoft Digital Lock.

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
  • 0
aslan

Adaware = Ransomware? Pay support $25 to fix your problem. Support Ticket GS#MBV-TqsX2-693

Question

Support ticket, GS#MBV-TqsX2-693

My computer (Windows XP Pro) continuously reboots after adaware quarantined several files, including "winlogon.exe" (I'm pretty sure I typed WINLOGON.EXE earlier and it got deleted without my authorization and without acknowledgement of the fact). I am unable to boot into safe mode or boot with the last known good configuration, because Adaware removed the necessary files from my restore point! I have removed the hard disk and have it connected as an external drive. How do I decrypt and uncompress the files that Adaware quarantined, as the OS is unbootable?

This reminds me of getting infected with XP Antivirus, I had the option of paying the authors $40 to make the computer work again.

EDIT:
It appears that the mods/support staff here read/view posts without incrementing the view count, so that means one of you read my post, screwed with it, and didn't answer my question. Edited by Aslan


27 answers to this question

  • 0
Ok, I solved my own problem. I removed the drive, put it in an external drive cage, plugged it into another computer and copied the winlogon.exe file from c:\windows\servicepackfiles to c:\windows\system32. I'd previously installed XP SP3, and there was a copy there. I've removed Adaware and will now be using Malware Bytes.

So, problem solved; however, I still want to know: how do I retrieve the quarantined files from the Quarantine folder without booting Windows? How do I decompress and decrypt the files?

Thanks.

  • 0
I think Lavasoft will need to answer your question. I'd contact whoever opened your support ticket. They should not be charging $25 if you're using Pro or Total Security and have login access to the support center.

  • 0
Actually no, I haven't paid for the software or the support.

In this instance the computer was working fine until the quarantine actions recommended to be taken after the adaware scan. I do believe there was an infection of some sort, though it was causing me no trouble. Adaware improperly quarantined critical system files.

I do feel held to ransom though. Adaware's manual states that it compresses and encrypts the files, but nowhere is there any mention of how to decrypt and decompress those files in the event that Windows is rendered unbootable and Adaware cannot therefore be run. There is no command line utility that can be run from the Recovery Console or any other appropriate utility. My files were held solely by Lavasoft, leaving me no way to recover the system.

In this instance where Adaware renders a system unbootable I feel they should provide all necessary tools for me to recover said files or provide me priority support. Someone less capable than me would simply have had to fork over the cash or reinstall Windows.

  • 0
I agree - the only solution provided is to remove quarantined items using the GUI, so you're SOL if the system can't boot. Previously, I'd only heard of the McAfee *oops* with system files, this is the first I've heard Ad-Aware doing it.

If that ticket number means you paid $25, thanks for sharing the info here. I'll make an inquiry here to Lavasoft and link to this topic.

In the future, be sure not to scan while in Simple Mode, since it automatically takes the preferred action. Scans in Advanced Mode provide the results and let you choose what action to take from drop-down menus before performing those actions.

  • 0
No, I didn't pay the money. I sent an email to their general support email, which they haven't responded to yet; that's where the support ticket number is from. In the time I've been on the internet, since 2000, I've heard of this happening with every major antivirus I can recall except Panda AV, and they're much newer.

Perhaps a solution here to the problem of a broken system restore point is to not touch the system restore files, even if they are infected, until one successful boot after Adaware quarantines system files. Had Adaware not removed winlogon.exe from the System Restore Point I would have been able to boot even with Adaware's mistake.

(In truth the infection was very much my fault and I was in a part of the internet where I should not have been, downloaded files and forgot to scan them with AVG before I opened them. Of course AVG's realtime scanner should have caught that, but you can't count on that.)

While you're right about advanced mode versus simple mode, it's not that simple. That would require each user knowing what and where critical system files are. Many viruses / pieces of adware have plausible-looking names, as though they could be part of the OS, so you'd have to research the files, and then you'd also have to deal with the possibility of some critical driver that the computer won't start without possibly being misidentified too, and research that. Necessitating that the end user make a judgement call on a file represents in part a failing of the antispyware. Typical users don't know what files make up their OS, and don't know except in bare generalities how it works. It's rather like saying real coders code in assembly. You may even compile your own OS from source if you use Linux, modifying the kernel to your exact requirements and compiling the other pieces from a tool-chain you build yourself. Even among otherwise very smart people few are such macho-ists.

We users use Adaware to reduce the complexity of dealing with our computing environment. Edited by Aslan

  • 0
This is a common problem with a lot of AV products, because they just delete the infection regardless of whether the infected file is important. You need to use a tool that will disinfect/clean the infection away without removing the file. Dr.Web's CureIt is very good at cleaning infections.

Thank You

Computer Wizard

  • 0
Thank you Visitor and Computer Wizard for your help and suggestions.

I have received a response from Lavasoft, [u][b]PAY CASH NOW OR YOU WON'T SEE ANY HELP FROM US[/b][/u]. Actual response included at the end of this post.
[b]Adaware Destroyed My Windows Install I Call For A Remedy Under US Consumer Product Law[/b]
This remedy is to include,
1. A Response from an employee of Lavasoft
2. Telling me how to decrypt and decompress the files that it quarantined in the absence of a bootable copy of Windows.
3. Should this necessitate using tools that are unavailable to the public I will be provided a copy by Lavasoft, and so will each user who faces this same situation henceforth.

[b]LAVASOFT STAFF I AWAIT MY REMEDY[/b]

At present the behavior of Adaware and Lavasoft closely resemble that of the fake "XP Antivirus" Please see [url="http://en.wikipedia.org/wiki/XP_Antivirus"]http://en.wikipedia.org/wiki/XP_Antivirus[/url]

Thanks again to all those here who have helped me,
Aslan7147

[email protected] to me
show details 9:43 AM (4 hours ago)
We can not find your credentials in our customer database.
We need to determine that you hold a license to be able to help you further.

Please send us the email address you used while registering/purchasing our product.
You can also send us the receipt or the purchase ID you received with the email notification of your purchase.

NOTE: We do not offer support to our Freeware users.
Please, use our Support Forums for any questions you might have:

[url="http://www.lavasoft.com/support/supportforums/"]http://www.lavasoft.com/support/supportforums/[/url]

Our FAQ's :
[url="http://secure.lavasoft.com/support/faqs.php"]http://secure.lavasoft.com/support/faqs.php[/url]

You can purchase Lavasoft products here:
[url="https://secure.lavasoft.com/download_and_buy/product_comparison_chart.php"]https://secure.lavasoft.com/download_and_buy/product_comparison_chart.php[/url]


Kind Regards,
Patrick - Lavasoft Support


Did you know that you can connect with Lavasoft on Facebook and Twitter? Follow us on Twitter or become a fan of Lavasoft on Facebook to get security news updates, Lavasoft Product information and exclusive offers!

Please Note:
Do not change the subject line of your e-mail when replying, this will result in you losing your place in the queue.
Abusive content will result in a rejection of the Support request.

[color="red"]Removed large font size ~ SpySentinel[/color] Edited by SpySentinel

  • 0
As I stated above, as someone who deals with removing malware for clients of mine, this is a common issue with a lot of AV products, which will detect a legit file that is infected and just delete it instead of cleaning it first. I'm sure Ad-Aware does try to do this, but it surely needs to be improved and should be made to clean the infection before deleting by default. This is why it's important to back up your system. Ad-Aware is made to detect and remove infections, and that is clearly what it did; the file was legit, but it was infected.

Thank You

Computer Wizard Edited by Computer wizard

  • 0
@Aslan,

As @Computer Wizard stated, this is a common problem. However, I do agree with you that critical Windows files, even when infected, should not get removed. Instead Ad-Aware should try to replace the infected file or leave it alone.

For your future reference, if you do struggle with a situation like this again, you can download and use the Windows Recovery Console to copy another clean version of the core file (which as you know you can often find in the service pack folders).

visitor has brought this issue to Lavasoft's attention for you, through a private channel, and I'm sure he will respond here if he hears anything.

Casey

  • 0
This issue is unresolved. What is your response Lavasoft?

I am well aware of the Recovery Console. With Windows XP Pro the Recovery Console is unable to perform any operations on the \Windows or \programs directory unless you have previously permitted those changes from within Windows. Microsoft's site provides no alternative way to provide the Recovery Console with the necessary permissions.

[quote name='casey_boy' post='122061' date='Aug 25 2010, 12:38 PM']@Aslan,
...
For your future reference, if you do struggle with a situation like this again, you can download and use the Windows Recovery Console to copy another clean version of the core file (which as you know you can often find in the service pack folders).
...
Casey[/quote]

[color="red"]Removed large font size ~ SpySentinel[/color]

  • 0
Just want to add:


This is a scary thread! It instills terror in me with regard to using Ad-aware's Total Security. :P

  • 0
I still somewhat fail to see what he expects Lavasoft to do. At the end of the day Ad-Aware found a legit (important) file that was patched/infected and deleted it. Isn't that clearly what Ad-Aware is meant to do? Of course it is.

  • 0
I believe I clearly spelled out what I would like Lavasoft to do in this instance
[quote name='Aslan' post='121943' date='Aug 20 2010, 02:53 PM']1. A Response from an employee of Lavasoft
2. Telling me how to decrypt and decompress the files that it quarantined in the absence of a bootable copy of Windows.
3. Should this necessitate using tools that are unavailable to the public I will be provided a copy by Lavasoft, and so will each user who faces this same situation henceforth.[/quote]
Had I waited for help from Lavasoft at this point I'd have had a dead computer for three weeks now. I can see deprioritizing free users, but shouldn't the pain of waiting two weeks be enough? My request above is for the tools to decrypt the essential system files stored in Adaware's quarantine folder that I needed to return the computer to a running state so that I could work on it further. Also it requests any users who find themselves in this situation from now on are provided the tool to decrypt the files.

@adwilli I am amused. I do hope you're being sarcastic.

Having been using computers on the internet since 1997, I've used a lot of antivirus software: Norton, Symantec, AVG, PC Tools, McAfee, NOD32, Avira, and more. ALL of those programs at some point failed and got themselves wiped out by a virus. Granted, I will allow that I had the heuristic scanning one notch below maximum wherever that was available, and also that I do not keep to the safe bits of the internet. There are two antivirus programs that have not failed me. One is the Clam AV USB stick standalone version. It's a good program, but lacks speed in the update of its definitions, only runs on command and only scans files on disk; very limited. The other antivirus program which has not failed me yet is Kaspersky. I've been using that on my laptop for about two and a half years now; it's seen extensive use and withstood it all. Do I expect that Kaspersky will never fail me? You're joking; at some point something new is going to come along and wipe out Kaspersky too.

At the end of the day I still recommend Adaware. Overall it's an excellent product and very simple to use. I'd trust its recommendations on what to do about infections. This is the only time a recommended action has been invalid. I've been using and recommending Adaware since 2001 (I think the web address back then was lavasoft.de, or perhaps it was a more German spelling, I can't recall), the age of Kazaa, and believe me, if you were running Kazaa, you used a hacking tool to chop off the popup-spamming part of the program (it was that bad) and you wanted Adaware at your side to take care of the nasties that you were sure to encounter with your downloads. Now I use a mix of Adaware and Malware Bytes.

  • 0
[quote name='adwilli' post='122375' date='Sep 6 2010, 02:29 PM']This is a scary thread! It instills terror in me with regard to using Ad-aware's Total Security. :o[/quote]

Well adwilli, you do have the option of using the Ad-aware Free Internet Security program if you don't like using Ad-aware Total Security. There are fewer features in the free version of Adaware, but it has the most essential ones.

Not sure why Aslan has to mention Kazaa, as that's now obsolete and there are other alternatives to Kazaa (like Shareaza) that are far better and more compatible and reliable with newer versions of Windows.

Certainly I too would like to see some improvements to Lavasoft customer support.

  • 0
Hi Aslan,

You've had a huge amount of hassle. Not good. Let me see if I can help out.

This is Andy Browne - I'm team leader at Lavasoft's Malware Labs. I don't normally hang around the forum but I stumbled on this post and thought I'd try to help out and answer your questions.

[b]Response from Lavasoft[/b]
Hello there!


[b]Decrypting the quarantine file[/b]
You're right - there's no official support for doing this. I'll mention this issue to the development team to see if this is something we should consider for future versions of Ad-Aware. I know it's a bit late to help you, but attached is a workaround that answers your question.

[attachment=8313:Decrypt_...rkaround.pdf]

[b]Tool for decrypting quarantine file[/b]
I will pass this suggestion on to the development team for consideration.

I apologise for this false positive. It certainly caused you a lot of hassle. I would recommend that people post these kinds of things in the FP forum (link below) which the Lavasoft Malware Lab monitors and responds to.

[url="http://www.lavasoftsupport.com/index.php?showforum=93"]http://www.lavasoftsupport.com/index.php?showforum=93[/url]


Andy
Lavasoft Malware Labs

  • 0
[quote name='LS Andy' post='122589' date='Sep 14 2010, 08:36 AM']I would recommend that people post these kinds of things in the FP forum (link below) which the Lavasoft Malware Lab monitors and responds to.[/quote]
I moved a similar post from the 8.x users forum to False Positives:

[url="http://www.lavasoftsupport.com/index.php?showtopic=29988"]http://www.lavasoftsupport.com/index.php?showtopic=29988[/url]

LS_Anders referred the user to General Support to fix a registry error message rather than give directions to unquarantine and upload the files for analysis :huh:

  • 0
Hey visitor,

Yeah, we spoke about his advice, we fought for a bit, I won, then I decided to write the guide. :-)

If someone thinks we've detected an FP, it should be posted at the FP forum here:

[url="http://www.lavasoftsupport.com/index.php?showforum=93"]http://www.lavasoftsupport.com/index.php?showforum=93[/url]

We would respectfully request that they read the FP posting guide first (link below) - it makes us more inclined to help :-)

[url="http://www.lavasoftsupport.com/index.php?showtopic=18033"]http://www.lavasoftsupport.com/index.php?showtopic=18033[/url]

By the way, if you have any feedback on the decrypting quarantined files guide, can you PM me? Maybe I can post it somewhere more visible in the forum or as a blog post. Let me know!

Cheers,

Andy
Lavasoft Malware Labs

  • 0
Thanks for your reply Andy, I've been a little busy the past few days and haven't had an hour or two to test the offered solution. I haven't wanted to post a reply without evaluating the information/solution offered. I should have the time this evening however. The one thing I lack to step through the solution is a spyware/adware sample that will be detected by Adaware.

Unfortunately I've wiped the drive and reformatted. For a while it looked like nothing would come of the topic, so I just tried to quietly troll for replies by keeping the topic interesting/ open ended enough that others would reply and bump it for me (everything I said however was the truth). I might have caught a backup of the quarantined file, I'll look. The instructions I referenced did not say to upload the file. Edited by SpySentinel
removed request for malware ~ SpySentinel

  • 0
Hi Aslan,

We do not send out real malware via the PM system to people. If you'd like to, you can search on Google for a way to download malware, but that is not recommended. It is not a good idea to test using real malware, as you can get infected.

Thanks,
SpySentinel :huh:

  • 0
The EICAR test file mentioned in Andy's process is a fake malware file - it should be detected by security software without actually being malicious.

  • 0
I'm sorry, I had some wine earlier in the evening, and I am having difficulty understanding and following the instructions provided by LS Andy. I'll have another look at this tomorrow. Until then I need to refrain from comment.

  • 0
Moderators, please remove my post [url="http://www.lavasoftsupport.com/index.php?showtopic=29786&view=findpost&p=122800"]http://www.lavasoftsupport.com/index.php?showtopic=29786&view=findpost&p=122800[/url] .

I worked on this a bit yesterday, but didn't get started soon enough and had to leave to get to the Monday night ride. It's a fun 30 mile ride through the streets of Columbus Ohio, the sixteenth largest city in the US with about 50 other mostly normal people on bicycles.

Here's a way for Lavasoft to avoid this issue almost all together. I would have been fine if I had been able to use the system restore feature. I was unable to however because Ad-aware helpfully removed the file from the system restore as well as the copy in the bootable windows folder. I propose instead that Ad-aware quarantines the files it detects in Windows as normal, but does not remove the files from the system restore until after one successful Windows startup.

Regarding the PDF documentation, [url="http://www.lavasoftsupport.com/index.php?act=attach&type=post&id=8313"]http://www.lavasoftsupport.com/index.php?act=attach&type=post&id=8313[/url] , I don't feel that it's in a form yet that would allow a user to make use of it. With my broad technical knowledge and first-hand knowledge of the problem I still failed to understand what the purpose of the instructions was. Directions written for the user should explicitly state nearly everything, leaving nothing to the imagination. Users do interesting things in such cases, where boring and expected is good. The user is the world's laggiest, most corruption-prone terminal. Other than minor differences in screenshots such as window borders, when the user might see a screen that is different than the one presented it should be noted and the user told what to do in that particular case.

Regarding the text of the instructions provided

There's an overview of the steps provided but they never state the goal or an important requirement, that being that you have access to a second working computer with Windows XP or later. Also remind the user to make sure their computer has run Windows update and is in fact up to date (There was a virus recently that infected Windows computers merely by having a custom icon displayed in Explorer.)

Step 1. I'm using Ad-Aware Free Anniversary Edition. The screenshots and instructions provided are for a newer version. This makes little difference to the user as the user will see that the Adwatch live service is already disabled and from there can skip to the next step, however it should be explicitly stated. (Even when I had access to the Ad-watch live service I never felt that I had enough processing power to run that and antivirus without slowing down the computer so I've effectively never used it. My choice was always antivirus. I've never seen Adwatch live accomplish anything that Ad-aware can't after the fact.) So, for step 1 add, "If realtime protection is already off, continue to step 2".

Step 2. "• The quarantine file is located in:" and "• Copy the quarantine file" should be done on the original computer if that is possible. How would this be possible? By using the Recovery Console found as a boot option on the Windows install disk, or using a bootable Linux distribution that reads and writes NTFS (slightly difficult; I can't name one that does this by default off the top of my head) and copying the files to a flash drive, or removing the hard drive from the non-bootable PC and connecting it to a second working computer with a USB dongle/case. Note that nothing from the hard drive is able to infect the second computer if the user holds down shift while they connect the drive and for about 15 seconds or so beyond that, and as long as they refrain from opening, viewing or double clicking any files other than the ones they are told to on the unbootable disk.

At this point it may be necessary to disable your antivirus software, depending on its settings, if it's scanning downloads or scanning all file system accesses. Alternatively you could just disable the realtime file access scanning part, but those instructions would devolve into instructions for a dozen different antivirus programs.

So on the second computer, the one that works, download the Eicar test file.

Step 3. Follow step 3 on the second computer as written.

Step 4. The file URL provided in step 4 for Vista is incorrect "Vista: c:\Program Data\Lavasoft\Ad-Aware\Quarantine\". It should read "C:\ProgramData\Lavasoft\Ad-Aware\Quarantine" there shouldn't be any space between Program and Data. This probably needs to be corrected for Windows 7 as well, as it's really just Vista R2.

To delete the quarantined Eicar test file it may be necessary to have administrator rights in Vista and Windows 7.

Step 5. After following step 5 the Eicar test file is added to Ad-aware's permanent ignore list. If one needs to restore another file now or in the future, you must remove the Eicar test file from that list. To do so, go to Ad-aware's home screen, click scan, click ignore list and from the action menu for the Eicar test file select remove, then click perform actions. When this is done you can use the Eicar test file to get more files back from quarantine.

Thoughts on the Decrypt_quarantine_file_workaround.pdf [url="http://www.lavasoftsupport.com/index.php?act=attach&type=post&id=8313"]http://www.lavasoftsupport.com/index.php?act=attach&type=post&id=8313[/url]

With the above modifications it works and is very useful. However, it requires being comfortable with computers and having one of the following: knowledge of how to use the Windows Recovery Console and the appropriate permissions set in Windows to allow its use (Windows XP Pro does not permit the Recovery Console access to the Quarantine folder because of its path, and it also does not permit access to the Windows directory, unless you explicitly granted it those permissions from within Windows before this happened. I can find no way to change those permissions from the Recovery Console itself), or the ability to use a Linux live CD that has the ability to read and write NTFS file systems (can anyone name such a distro, preferably with a GUI?), or removing the boot hard drive from the unbootable computer and placing it in or attaching it to a second computer. For the user uncomfortable with this, the one-sentence solution is "Reinstall Windows" or "print this document and take it in for repair". An alternative, if Lavasoft were supporting the user, would be out-of-band access to the computer with the Lantronix SecureLinx Spider ( [url="http://www.lantronix.com/it-management/kvm-over-ip/securelinx-spider.html"]http://www.lantronix.com/it-management/kvm-over-ip/securelinx-spider.html[/url] ). Lavasoft would overnight the device to the user, and then the user merely needs to plug the device into their computer and provide the IP to Lavasoft to allow the Lavasoft tech access to the computer. This is complicated by the fact that the user does have to provide the address of the Spider. To eliminate this requirement, connect a serial modem, the sort that works with Linux, to the Spider and connect that to the phone line. When everything is plugged in they call Lavasoft, confirm that things are set up properly, and provide Lavasoft the phone number.
In several months Lantronix will be launching a new Spider and service called "Access my device" that can be customized by them with management software that connects back to Lantronix as soon as it's plugged in, giving you access to the correct IP for the remote Spider. (Lantronix is extremely customer-service oriented, answering calls immediately with a live person who transfers you to the person you need to talk to without a moment's delay.)

I've verified to my satisfaction that the above instructions work with the modifications provided, by stepping through them with live adware. Should you wish to verify the solution for yourself it is necessary to have a second file that Ad-aware detects as a positive. Therefore, I would have attached a quarantined DLL file that I got from the iwon mywebsearch toolbar; however, I'm not permitted to do that, so... Note, the application as a whole has a TAI of 3, the same as a browser cookie.

An additional post will follow with an alternative suggestion for assisting users in this instance.
[code] ("`-''-/").___..--''"`-._
`6_ 6 ) `-. ( ).`-.__.`)
(_Y_.)' ._ ) `._ `. ``-..-'
_..`--'_..-_/ /--'_.' ,'
(il),-'' (li),' ((!.-'[/code]

[color="red"]Removed malware link ~ SpySentinel[/color] Edited by SpySentinel
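The two changes argued for in this thread (keep the System Restore copies of a quarantined system file until one boot has succeeded, and give users a stand-alone way to get a file back out of quarantine from another machine) sketched as a constructed Python model. This is an added example, not Ad-Aware's quarantine format or any Lavasoft code: the file layout with its "TOYQ1" marker, the fixed DEMO_KEY, the class and function names, and the fake winlogon.exe bytes are all assumptions made for the illustration.

```python
import hashlib
import json
import shutil
import tempfile
import zlib
from pathlib import Path

MAGIC = b"TOYQ1\n"                 # constructed file marker, not Ad-Aware's format
DEMO_KEY = b"toy-quarantine-key"   # assumption: a fixed demo key stands in for real key handling


def _transform(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: stops a quarantined file from running by accident and is
    its own inverse, so a stand-alone restore tool only needs the key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


class Quarantine:
    """Quarantine store that defers removal of System Restore copies until a good boot."""

    def __init__(self, root, key: bytes = DEMO_KEY):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        self.key = key
        self.pending_file = self.root / "pending.json"  # restore-point copies awaiting a good boot

    def _pending(self) -> list:
        return json.loads(self.pending_file.read_text()) if self.pending_file.exists() else []

    def quarantine(self, live_path, restore_point_copies=()) -> Path:
        """Move the live file into quarantine; the restore-point copies stay where they are."""
        live = Path(live_path)
        data = live.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        meta = {"original_path": str(live), "sha256": digest,
                "restore_point_copies": [str(p) for p in restore_point_copies]}
        entry = self.root / f"{digest}.q"
        # one-line JSON header (original path, hash) followed by the compressed, transformed body
        entry.write_bytes(MAGIC + json.dumps(meta).encode() + b"\n"
                          + _transform(zlib.compress(data), self.key))
        live.unlink()
        self.pending_file.write_text(json.dumps(self._pending() + [meta]))
        return entry

    def on_boot_result(self, booted_ok: bool) -> list:
        """Good boot: the deferred restore-point copies can go.
        Failed boot: copy one restore-point copy back so the machine can start again."""
        restored = []
        for meta in self._pending():
            for copy in meta["restore_point_copies"]:
                copy_path = Path(copy)
                if not copy_path.exists():
                    continue
                if booted_ok:
                    copy_path.unlink()
                else:
                    shutil.copyfile(copy_path, meta["original_path"])
                    restored.append(meta["original_path"])
                    break
        self.pending_file.write_text("[]")
        return restored


def restore_offline(entry_path, target_dir, key: bytes = DEMO_KEY) -> Path:
    """Stand-alone restore from the .q file alone, e.g. on a disk attached to a second PC."""
    raw = Path(entry_path).read_bytes()
    if not raw.startswith(MAGIC):
        raise ValueError("not a toy quarantine entry")
    header, _, body = raw[len(MAGIC):].partition(b"\n")
    meta = json.loads(header)
    data = zlib.decompress(_transform(body, key))
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("integrity check failed: wrong key or corrupted entry")
    dest = Path(target_dir) / Path(meta["original_path"]).name
    dest.write_bytes(data)
    return dest


def demo() -> dict:
    """Replay the thread's scenario on a temporary 'disk' with constructed files."""
    disk = Path(tempfile.mkdtemp())
    system32 = disk / "windows" / "system32"
    restore_point = disk / "System Volume Information" / "rp1"
    system32.mkdir(parents=True)
    restore_point.mkdir(parents=True)
    original = b"MZ... constructed stand-in for winlogon.exe, not a real binary ..."
    (system32 / "winlogon.exe").write_bytes(original)
    (restore_point / "winlogon.exe").write_bytes(original)

    q = Quarantine(disk / "Quarantine")
    entry = q.quarantine(system32 / "winlogon.exe", [restore_point / "winlogon.exe"])
    gone_after_quarantine = not (system32 / "winlogon.exe").exists()

    # the reboot loop from the thread: the first boot fails, so the restore-point copy comes back
    rolled_back = q.on_boot_result(booted_ok=False)
    back_after_failed_boot = (system32 / "winlogon.exe").read_bytes() == original

    # independently of boot state, the entry is recoverable from the .q file alone
    recovered = restore_offline(entry, disk)
    return {"gone_after_quarantine": gone_after_quarantine,
            "rolled_back": rolled_back,
            "back_after_failed_boot": back_after_failed_boot,
            "offline_restore_matches": recovered.read_bytes() == original}


if __name__ == "__main__":
    print(demo())
```

The point of the header is that a quarantine entry documents its own original path and hash, so a small tool like restore_offline can put the file back (and verify it) with the disk hung off a second machine and no product running; the point of pending.json is that a false positive on a boot-critical file becomes a self-correcting mistake, because the restore-point copy is only removed after the machine has actually come up once.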

  • 0
So, the above instructions work for the knowledgeable computer user of moderate skill. That's not good enough though, there's still the users of less skill. For them we need a Mac like solution where they can click and it works, unfortunately they're using Windows. (humor) My suggestion is either the Lantronix Spider mentioned above or

Give them a boot disk that does nearly everything for them. This boot disk would run Ad-aware front and center, automatically pointed at the hard drive that was the problem. Best case, it would be updated daily before the customer downloaded it with its own set of definitions that would include false positives and files that are infected but necessary to boot Windows. When it is run it would attempt to connect to the internet through ethernet and wifi to obtain an even more recent set of definitions. With the new definitions Ad-aware automatically determines which file to restore. If it is unable to do so it gives control to the user and asks them which to restore. Second best case, the boot disk runs vanilla Ad-aware and the user navigates Ad-aware and chooses which quarantine file to restore. In either case, if the file remains infected after being restored from quarantine it gets uploaded automatically to your "Threat network" for analysis.

That's what needs to happen; how will it be accomplished? There are three options, all fraught with varying degrees of license, patent and/or legal landmines. My first choice would be a custom remix of a Linux distro. This Linux distro would be lightweight, have a GUI, and be able to read and write NTFS disks. You would add to that Wine so that Ad-aware could run unmodified. Ad-aware's environment would be configured in such a way that it would know what disk it needed to do its work on. Second choice, Windows PE. It's a version of Windows that exists to run off a CD and do things to a system without needing to boot Windows from the hard drive, for tasks like backup, diagnosis, and other maintenance. It runs standard Windows code. Third choice, BartPE. BartPE is a program that takes a Windows install disk and the programs you want to run on it, combines them together and spits out a bootable disk. It runs a modified version of XP. [url="http://www.nu2.nu/pebuilder/"]http://www.nu2.nu/pebuilder/[/url] .

An alternative to this alternative is to code a version of Ad-aware that works from a FreeDOS boot disk with the bare minimum the program needs to remove a file from quarantine and restore it to its original location.

So, how do you deliver this boot disk to the user? Two options, physical or virtual. Virtual is the cheapest and therefore preferred. You take your boot disk and package it with a CD burning program with verification. Put this in a self-extracting executable that, when it's run, verifies itself, extracts, and is scripted to run the CD burning program. The program then tells the user to insert a blank CD. The user does, the program senses it and starts burning. So what the user would do in this process: download the file, double click, be prompted to insert a blank CD, and that's it. I suggest limiting the burn speed to 4x to get a better burn, and then verifying the data on the disc afterwards just to make sure. You could also make a version of the above for flash drives, as there are a few computers out there without optical drives, or at least CD burners.

Second option is the physical one. Print the boot CDs yourself and overnight them to the users that need them.

How do you reduce the size of the downloads? Use 7z for compression; it's the most efficient of the non-fractal compression programs. Ad-aware itself is now over a 200MB initial download between the program and the definitions, have you noticed that? That's going to be something like a 20 hour download on a 56k modem alone. You might be able to include just the Ad-aware program on the boot disk and grab the definitions from the hard drive, or you might just be able to run the copy of Ad-aware from the hard drive with its definitions, which would cut the size of the boot disk by 200MB.

I hope that helps. Thanks to LS Andy for the workaround above. It was too late for me, but I hope it helps others.

[code] ("`-''-/").___..--''"`-._
`6_ 6 ) `-. ( ).`-.__.`)
(_Y_.)' ._ ) `._ `. ``-..-'
_..`--'_..-_/ /--'_.' ,'
(il),-'' (li),' ((!.-'[/code]
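The burn-and-verify step the post describes, as an added example that is not part of the original post or of any Lavasoft tool: it caps the write speed at 4x, then reads the disc back and compares it against the image. It assumes wodim (the cdrecord clone) is installed, that the image is called rescue.iso and the writer is /dev/sr0; all three are assumptions.

```shell
#!/bin/sh
# Added example, not Lavasoft's code. Assumes wodim is installed;
# the image name and writer device below are assumptions.
set -eu

# Number of 2048-byte CD sectors an image occupies (rounded up).
sectors_for() {
    size=$(wc -c < "$1")
    echo $(( (size + 2047) / 2048 ))
}

# Read exactly the image's length back from the medium (or any file
# standing in for it) and compare SHA-256 hashes, so padding on the
# disc cannot mask a bad burn. Returns non-zero on mismatch.
verify_burn() {
    image="$1"; dev="$2"
    n=$(sectors_for "$image")
    size=$(wc -c < "$image")
    want=$(sha256sum < "$image" | cut -d' ' -f1)
    got=$(dd if="$dev" bs=2048 count="$n" 2>/dev/null \
          | head -c "$size" | sha256sum | cut -d' ' -f1)
    [ "$want" = "$got" ]
}

# Burn at 4x, as the post recommends, then verify the result.
burn_and_verify() {
    image="$1"; dev="$2"
    wodim -v speed=4 dev="$dev" "$image"
    if verify_burn "$image" "$dev"; then
        echo "burn verified: $image matches $dev"
    else
        echo "verification FAILED for $dev, do not use this disc" >&2
        return 1
    fi
}

# Only burn when an image is given on the command line, e.g.
#   sh burn.sh rescue.iso /dev/sr0
if [ -n "${1:-}" ]; then
    burn_and_verify "$1" "${2:-/dev/sr0}"
fi
```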

  • 0
Sorry for the multi-post here, but each one addresses a different subject. This one should wrap up my posting for the moment. [quote name='erpguy6' post='122568' date='Sep 13 2010, 01:15 PM']...
not sure why Aslan has to mention Kazaa as that's now obsolete and there are other alternatives to Kazaa (like Shareaza) that are far better and more compatible & reliable with newer versions of Windows.
....[/quote]While using Kazaa I discovered my need for an anti-adware program in addition to antivirus. I mentioned this to establish that I've been using Ad-aware for eight or nine years now. [quote name='SpySentinel' post='122648' date='Sep 16 2010, 06:41 PM']If you like to, you can search on Google for a way to download malware but that is not recommended. It is not a good idea to test using real malware as you can get infected.
...[/quote]Thanks for being so helpful SpySentinel. Please quote me where in the rules it says I am not permitted to request an adware sample for testing purposes. I attempted to be responsible in doing so by asking that it be sent by PM, such that it would not affect anyone else. Without a second sample of adware I was unable to test the method presented by LS Andy. In fact I can't even find where in the rules it states not to post links to adware at the moment. As for using Google to find adware, that's essentially not possible as Google removes pages from its index for hosting viruses and adware. Getting infected was the point of testing with real malware. I wasted three hours browsing with my antivirus off to locate some. What would have been nice is if someone could have provided a link to adware that Ad-aware was already familiar with and that was mostly harmless, and I could have worked with that.

The volunteer moderators of this board are quite edit happy. I will thank you at least for noting when you've modified my posts, and I'm not 100% sure what happened with the initial one.
  • 0
[quote]Thanks for being so helpful SpySentinel. Please quote me where in the rules it says I am not permitted to request an adware sample for testing purposes.[/quote]

Sure I can quote a few:

"We have the ability to remove objectionable messages and we will make every effort to do so, within a reasonable time frame, if we determine that removal is necessary."

"You agree, through your use of this service, that you will not use this BB to post any material which is knowingly false and/or defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy, or otherwise in violation of any law."


[quote]The volunteer moderators of this board are quite edit happy. I will thank you at least for noting when you've modified my posts, and I'm not 100% sure what happened with the initial one.[/quote]

We do not allow you to post active links to malware that can harm our members here. That is why they have been removed. If you have an issue with this, you can send a PM and we can discuss it.

Thanks,
SpySentinel :angry:
