spybot can't remove win32.tiny.abk...

schitzn:

In addition to the two (2) responses that tashi wrote, which seems to be directed to this portion of your query:

Its unfortunate that this site's rules goes against the whole consensus of the internet, freedom of information. If its a legal concern, then maybe add a liability (no warranty) clause and have forum moderators proactively commenting for liability such resolutions rather than removing them.

The purpose of this forum is to identify issues and present resolutions, I think there should be serious look to Safer Networking's approach to moderation of information.
I would like to respond to your following comment:

Now I got 4 hours to format the machine, reupdate, reinstall 3rd party apps and get some sleep to get my customers machine back to them.
Although it may be bad for business in the long run, I hope you take the time in your hectic schedule to advise your "customers" how to take precautions to prevent re-infections, such as those outlined in the following:
 
schitzn:

In addition to the two (2) responses that tashi wrote, which seems to be directed to this portion of your query:


I would like to respond to your following comment:


Although it may be bad for business in the long run, I hope you take the time in your hectic schedule to advise your "customers" how to take precautions to prevent re-infections, such as those outlined in the following:

Thanks for the feedback, I appreciate it!

Although I agree with all you have written and without cockiness have worked out manually what you have put into your prevention thread, I do disagree on one area.

Firewalls. My independant research shows those three firewalls are weak when testing against leaktests. Comodo Firewall, and Online Armour are two free firewalls that have a 100% protection rate against all known leak tests. Although Comodo includes HIPS as well, it can be disabled for the sake of learning curve.
 
As a Microsoft MVP in Consumer Security, Im wondering why you endorse a security product that fails miserably when benchmarked.

Sunbelt's firewall is a poor performer in terms of preventing firewall breaches.

Please reference as example
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

Zone Alarm Free Edition is even worse than Sunbelt.

Obviously some protection is better than none, but when there are better solutions that are 100% free, why should these two weaker options be endorsed?
 
Hi there,
As a Microsoft MVP in Consumer Security, Im wondering why you endorse a security product that fails miserably when benchmarked.

The article in question is not mine. ;) I have received permission from the author to update and make adjustments, which I will do after further research.

Thank you for bringing the study to my attention.

Cheers.
 
I've ran into another machine with this variant of win32.tiny.abk .

Unfortunately, there does not appear to be any entry in Autoruns and Hijackthis.

Spybot picks up two temporary files under windows\temp\, but does not seem to pick up all traces as it keeps coming back after a re-run.
 
I found a solution. Im posting for anyone else unable to find a fix for this.

Boot to the recovery console via your Windows CD and delete all files in the Windows temporary folder. To do so under the recovery console, you need to use the del command and specify the folder %windows%\temp

This tip should not be removed because my instructions are purely safe because its temporary folder anyway.

I wish Spybot would automatically remove this. It appears to me that spybot deletes the file sucessfully, and assumes its gone, however it must still be in memory and writes it back before you shutdown/restart.
 
Doesn't clear it for me.....

Dropped into Recovery console, deleted every file and then the c:\windows\temp directory. Shut down and booted into safe mode and ran spybot - hurray, damned thing had gone. Started normally and ran spybot, and it (along with the temp files) had returned.
 
And....

md usa spybot fan,

your point is?

The link that tashi provided does not solve my problem, all it does is chastise me for not reading every sticky and getting the postings of hjt, kas and combo wrong.

Your post does not solve my problem. All it does is, again, remind me that I got it wrong.

I have a virus on a computer that seems to be unsolvable other than to reformat the hard drive.

I would love for someone here to actually try to help me rather than tell me that I didn't post things in the right order. Or, are you saying that because I did, you are unwilling to help???
 
Hello,
md usa spybot fan,

your point is?

The link that tashi provided does not solve my problem, all it does is chastise me for not reading every sticky and getting the postings of hjt, kas and combo wrong.

Your post does not solve my problem. All it does is, again, remind me that I got it wrong.

I have a virus on a computer that seems to be unsolvable other than to reformat the hard drive.

I would love for someone here to actually try to help me rather than tell me that I didn't post things in the right order. Or, are you saying that because I did, you are unwilling to help???
I believe the point trying to be made is that you have a topic in the malware forum, and running fixes before someone has assisted you can make things difficult in the long run.

Sorry for the wait, please keep this link in mind:
The Waiting Room: Post here if waiting for help longer than four days

Best regards.
 
Last edited:
Dropped into Recovery console, deleted every file and then the c:\windows\temp directory. Shut down and booted into safe mode and ran spybot - hurray, damned thing had gone. Started normally and ran spybot, and it (along with the temp files) had returned.

Spybot reported two .tmp files in the %win%\temp folder on my machine as win32.tiny.abk.

Are you getting the same file locations on your spybot report?

If not, perhaps make note of the files reported, and manually delete offline (ie. Windows Recovery CD).
 
Back
Top