[Lex Computer & Tech Group/LCTG] an issue

jjrudy1 at comcast.net jjrudy1 at comcast.net
Tue Nov 14 12:18:57 PST 2023


Geek Squad suggested 5

 

From: Robert Primak <bobprimak at yahoo.com> 
Sent: Tuesday, November 14, 2023 3:17 PM
To: 'Drew King' <dking65 at kingconsulting.us>; 'Robert Primak via LCTG' <lctg at lists.toku.us>; 'Smita Desai' <smitausa at gmail.com>; 'Adam Broun' <abroun at gmail.com>; jjrudy1 at comcast.net
Subject: Re: [Lex Computer & Tech Group/LCTG] an issue

 

I like to have as many Restore Points as I can put into Windows. The reason is, I might have to restore to a point up to a month ago, which was my last Macrium Reflect System Full Backup time. Between full image snapshots I do not trust anything in Windows to remain stable and "unimproved". 

 

Given the amount of software my system typically carries, and the fact that some data also lives onboard for everyday use, I allow several gigabytes on my system drive for Restore Points in Windows 11. This is probably vast overkill, but it's only a few percent of a 1TB SSD, and it doesn't slow the system or hamper the speed of making a full system backup (5 to 10 mins typically on my system, and about as much time for the Verify step). You should probably also have at least one extra copy of your system backups, on a separate external drive. 

 

I definitely back up my system before the Patch Tuesday monthly Windows Updates. This is not just a Restore Point.

 

A backup without Verification may surprise you in a very bad way. Always verify system backups. And back up data separately and more frequently than the system. 

 

But circling back to Restore points, do you really want only between one and three? Are you THAT confident in Windows and software updates? 

 

More than three Restore Points might be overkill. And the default value once System Restore is turned on may exceed that capacity. So feel free to reset the maximum amount of disk space allowed for Restore Points with the slider. You'll know if you undershoot. Better yet, have a system drive on an SSD with plenty of capacity. "Overprovisioning" in this way can improve the longevity of an SSD. 

 

 

On Tuesday, November 14, 2023 at 02:45:03 PM EST, <jjrudy1 at comcast.net> wrote: 

 

 

I have 11 and the restore points are set, but a huge amount of space is devoted to it, so when I went to the Geek Squad to solve my malware issue they reduced the space.

John

 

From: Drew King <dking65 at kingconsulting.us> 
Sent: Saturday, November 11, 2023 1:47 AM
To: Robert Primak <bobprimak at yahoo.com>; Robert Primak via LCTG <lctg at lists.toku.us>; 'Smita Desai' <smitausa at gmail.com>; 'Adam Broun' <abroun at gmail.com>; jjrudy1 at comcast.net 
Cc: 'Lex Computer Group' <lctg at lists.toku.us>
Subject: Re: [Lex Computer & Tech Group/LCTG] an issue

 

This reminds me about System restore points.

Your computer should, if it is enabled, periodically create restore points that will allow you to revert your computer back to that state pre-virus or malware or adware or whatever it is.

It's worth checking your system restore settings and looking for a recent system restore point that you can go back to. That will clear up the problem absolutely.

I haven't checked for myself, but somebody told me that Windows 11 has System Restore disabled by default. If that is the case, then you would want it enabled and make sure you make a periodic restore point.

I make one before installing anything on my computer, and it has gotten me out of a jam more than once by allowing me to revert my system back to before the time when the software was installed. 



-- 
Drew King

 
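Both Bob's note on the disk-space slider and Drew's habit of checking System Restore and taking a point before every install can be done from an elevated Windows PowerShell 5.1 prompt. This is an added example, not code from anyone in the thread; it assumes the built-in Get-ComputerRestorePoint, Enable-ComputerRestore and Checkpoint-Computer cmdlets and the vssadmin tool, and it assumes (not confirmed by the thread) that the RPSessionInterval registry value is 0 while System Protection is off for the drive.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Windows PowerShell 5.1 only: the *-ComputerRestore
# cmdlets are not shipped with PowerShell 7.

$Drive = $env:SystemDrive          # e.g. "C:"

function Get-RestorePointSummary {
    # Existing restore points, newest first, with the numeric type decoded.
    $types = @{ 0 = 'APPLICATION_INSTALL'; 1 = 'APPLICATION_UNINSTALL'
                10 = 'DEVICE_DRIVER_INSTALL'; 12 = 'MODIFY_SETTINGS'; 13 = 'CANCELLED_OPERATION' }
    Get-ComputerRestorePoint | Sort-Object SequenceNumber -Descending | ForEach-Object {
        [pscustomobject]@{
            Seq         = $_.SequenceNumber
            Created     = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            Type        = if ($types.ContainsKey([int]$_.RestorePointType)) { $types[[int]$_.RestorePointType] } else { $_.RestorePointType }
            Description = $_.Description
        }
    }
}

function Test-SystemRestoreEnabled {
    # Assumption (see lead-in): RPSessionInterval is 0 while System Protection is off.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    $v = Get-ItemProperty -Path $key -Name RPSessionInterval -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.RPSessionInterval -ne 0)
}

# 1. Make sure protection is on for the system drive (the thread notes Windows 11 may ship with it off).
if (-not (Test-SystemRestoreEnabled)) {
    Enable-ComputerRestore -Drive "$Drive\"
}

# 2. Show how much disk the restore points may use (what the slider in the dialog sets).
#    To change it: vssadmin Resize ShadowStorage /For=$Drive /On=$Drive /MaxSize=10GB
vssadmin List ShadowStorage /For=$Drive

# 3. Take a manual checkpoint before installing software. Windows 8 and later creates at most
#    one checkpoint per 24 hours; a second request in that window is skipped with a warning.
Checkpoint-Computer -Description "Before install $(Get-Date -Format s)" -RestorePointType MODIFY_SETTINGS

# 4. Review what is available to roll back to.
Get-RestorePointSummary | Format-Table -AutoSize
```

The 24-hour limit in step 3 is why a restore point taken right after a morning Windows Update may silently stand in for the one you meant to take before an afternoon install; check the listing from step 4 before trusting it.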

On November 11, 2023 12:34:48 AM EST, Robert Primak via LCTG <lctg at lists.toku.us> wrote:

I think this is adware, not a true virus infection. Which makes it easier to remove and keep it from coming back. But you will need to run anything you choose to try in Windows Safe Mode. This is necessary to stop any services which prevent the entire unwanted package from being totally removed. Registry cleanup is a must as well, because it's through Registry corruption that adware often reinstalls itself.

 

If you can handle a little Command-Line action, restoring any corrupted system files would be a good idea after the adware is actually gone and does not come back. 

 

The Command Line tools would be sfc /scannow and dism /restorehealth. 

 

But let's try to remove the adware first. 

 

Two options:

 

ADWCleaner from Malwarebytes: You can run this one from Windows Safe Mode, and that would be better than running it in Windows Normal Mode. This program specifically targets adware and browser corruptions.

 

If anyone knows of a portable antivirus app, which can run independently of a booted Windows OS, this would be the next step.

 

Windows Defender lets you run Windows Defender offline (WDO). It's an advanced option under the Defender Scan Options. It should be the bottom option. But this scan won't work on every computer, and I never see it make a proper log which Defender can display. 

 

Portable antivirus scanners can be put onto a USB flash drive, if you have a way to make the flash drive bootable. RUFUS is one way, and I think they allow you to create a boot drive with an AV scanner and other tools included. 

 

It's a little tricky getting into USB Boot under Windows 11 due to new security keys required for USB boot devices. I have used Ventoy to create flash drives with multiple CDs (ISOs) which will boot and run their programs from USB. If one of these disk images contains a good antivirus scanner, you can do the tool's database update, ID the adware, remove it and clean up from outside of Windows. Make any USB flash drive on a different computer from the infected one. 

 

If this does not clean up the infection, it's time to bite the bullet and reinstall Windows. That may not work in extreme cases, but a clean erase of the drive followed by reinstalling Windows will in most cases produce a virus-free result. If you download Windows 11 from Microsoft for a reinstall, be aware that you are upgrading to the newest Fall Feature Update (23H2). RUFUS may allow you to stick with 22H2 or whichever version you are on now. Windows 10 does not have this issue. 

 

I think ADWCleaner will root out this infection. It looks like adware, and the browser is the most likely source of the trouble. That makes this more of an adware infection than a true virus situation. But you should try to get into Windows Safe Mode and then run one of the group's recommendations, or some other portable adware-targeting anti-malware tool. 

 

-- Bob Primak 

 

 

On Friday, November 10, 2023 at 05:03:43 PM EST, John Rudy via LCTG <lctg at lists.toku.us> wrote: 

 

 

I have rebooted twice

 

From: LCTG <lctg-bounces+jjrudy1=comcast.net at lists.toku.us> On Behalf Of Smita Desai via LCTG
Sent: Friday, November 10, 2023 4:58 PM
To: Adam Broun <abroun at gmail.com>
Cc: Lex Computer Group <lctg at lists.toku.us>
Subject: Re: [Lex Computer & Tech Group/LCTG] an issue

 

I would also reboot and keep disconnected from the internet. 

 

Smita Desai 

 

Sent from my iPhone

 

On Nov 10, 2023, at 4:08 PM, Adam Broun via LCTG <lctg at lists.toku.us> wrote:

When do these messages appear? Upon boot up? After opening a browser window? Other? That might narrow down where to look (e.g. in the startup folder or registry, browser settings, etc.).

 

 

 

On Nov 10, 2023, at 15:59, palbin24 at yahoo.com wrote:

 

I’m reluctant to suggest major surgery, and I hope someone has a good idea. 

 

A middle ground might be reinstalling the OS. There are tools from Microsoft and perhaps your computer vendor to help. Wait to see if there are any other options before going down this road.

 

Peter

 

On Nov 10, 2023, at 3:47 PM, John Rudy via LCTG <lctg at lists.toku.us> wrote:



They are back, so Malware Bytes didn’t do it.

 

From: Adam Broun <abroun at gmail.com> 
Sent: Friday, November 10, 2023 3:39 PM
To: jjrudy1 at comcast.net 
Cc: Lex Computer Group <lctg at lists.toku.us>
Subject: Re: [Lex Computer & Tech Group/LCTG] an issue

 

Check the home page settings in your browser.  My guess is a script got triggered that put something funky in there.  And try running the inbuilt Windows virus scan.

 

 

On Nov 10, 2023, at 15:27, John Rudy via LCTG <lctg at lists.toku.us> wrote:

 

Starting this morning I began to receive these messages. I assumed that they were a scam, and I do not believe I have McAfee on my system. I have not clicked on either the Yes or No Thanks. But they are covering things up and I seem unable to get rid of them.

 

I did close down mail and rebooted, but they are back.  Any thoughts?

<image002.png>

John Rudy

 

781-861-0402

781-718-8334  cell

13 Hawthorne Lane

Bedford MA

jjrudy1 at comcast.net 

<image001.png>

 

===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to abroun at gmail.com.
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/abroun@gmail.com
