Trojan DD:

If you touch your software enough does it become hardware?

TezzRexx
Dr Zoidberg
Posts: 4072
Joined: February 8th, 2005, 15:54
Location: BURMINGHUM, England

Post by TezzRexx »

Dr. kitteny berk wrote: keygens
My downfall, lul
cheeseandham
Shambler In Drag
Posts: 780
Joined: March 16th, 2007, 20:22
Location: on the sofa

Post by cheeseandham »

TezzRexx wrote:Cheers Ham! Btw how's the sprog?
np. sprog is actually pretty great - I'm starting to be afraid that I'll turn into one of those parents that says "look at my kids" whilst slapping people in the face repeatedly with said sprog photos (a la Family Guy)

Post by TezzRexx »

Well the Trojans have been removed allegedly, they were in my system restore folder.

I'm still nervous and tempted to format, I'm just unsure if that would be of use or would the Trojan still be lurking?
Dr. kitteny berk
Morbo
Posts: 19676
Joined: December 10th, 2004, 21:53

Post by Dr. kitteny berk »

:lol: always scan them with your resident AV, and the one I linked up there a bit.

then use them on someone else's machine, or at least from sandboxie, or a sacrificial machine. :)

Post by Dr. kitteny berk »

TezzRexx wrote:Well the Trojans have been removed allegedly, they were in my system restore folder.

I'm still nervous and tempted to format, I'm just unsure if that would be of use or would the Trojan still be lurking?
If it's smart enough to lurk in system restore, it's quite possible it's lurking elsewhere too, but it might not be - Unless you're doing a full format of all your currently connected storage, it's probably not worth doing.

My usual course of action is to get the machine as clean as possible, reboot, scan again, clean (if needed) and repeat.

Using different AV apps can help a little, but I'd honestly just use nod32, then buy it off mr. ham.
Last edited by Dr. kitteny berk on August 13th, 2008, 23:40, edited 1 time in total.

Post by cheeseandham »

:above: ... or a virtual machine (except probably not a good idea on a games machine, but I find them great for testing stuff in the ultimate of sandboxes)

Post by Dr. kitteny berk »

cheeseandham wrote::above: ... or a virtual machine (except probably not a good idea on a games machine, but I find them great for testing stuff in the ultimate of sandboxes)
:above: I use one for such things, but I'm not completely confident that evil can't get out.

Post by cheeseandham »

Remember this
http://www.5punk.co.uk/wiki/index.php?t ... quest_Help
If you do reformat, get yourself an imaged up. And take an image before doing anything risky.
Forget my last comment, an image is the ultimate sandbox :)

Post by cheeseandham »

Dr. kitteny berk wrote:
:above: I use one for such things, but I'm not completely confident that evil can't get out.
If you switch off the virtual network adapter once moving said risky items to it then I can't imagine any way that it could.
Maybe osmosis?

Post by Dr. kitteny berk »

the network is my main worry, but yup, disabling once the questionable app is there should be fine.
FatherJack
Site Owner
Posts: 9597
Joined: May 16th, 2005, 15:31
Location: Coventry, UK

Post by FatherJack »

cheeseandham wrote: If you switch off the virtual network adapter once moving said risky items to it then I can't imagine any way that it could.
Maybe osmosis?
I think it could potentially still write to the ..//xphost or whatever the default share is called, and perhaps mess with the VM tools if they're installed.

Post by cheeseandham »

FatherJack wrote:and perhaps mess with the VM tools if they're installed.
And therein shows the mind of a cold-blooded killer :P
Good point

Post by Dr. kitteny berk »

cheeseandham wrote: And therein shows the mind of a cold-blooded killer :P
Good point
:lol: It's always the quiet ones.
fabyak
Home-made Big Daddy
Posts: 5681
Joined: October 14th, 2004, 14:02
Location: Oxford, England

Post by fabyak »

Fire up this:

http://technet.microsoft.com/en-us/sysi ... 63902.aspx

then go to options up the top and hide Microsoft Entries and then scour the remaining list. If there is anything fishy there or claiming to be MS stuff, chances are it is a nasty. The majority of them will have a publisher listed which bad things won't (or not a legit one anyway) but that's not to say that ones without a publisher are bad (see: 7zip/winRAR)
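
A rough PowerShell counterpart to the check described in the post above, as an added example that is not part of the thread and not how the linked tool works internally: it lists only the Run/RunOnce registry keys (a small subset of the autostart locations), hides entries with a valid Microsoft signature, and shows the publisher for the rest. The helper name Get-ImagePath is hypothetical.

```powershell
# Added example: covers only the Run/RunOnce keys, not services, drivers, tasks, etc.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a launch string.
function Get-ImagePath([string]$CommandLine) {
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"')     { return $Matches[1] }  # "C:\path\app.exe" /args
    if ($expanded -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }  # C:\path\app.exe /args
    return ($expanded.Trim() -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (-not $cmd) { continue }                 # skip empty (default) values
        $image     = Get-ImagePath $cmd
        $status    = 'FileNotFound'                 # relative or missing paths land here
        $publisher = '(unknown)'
        if ($image -and (Test-Path -LiteralPath $image -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $image
            $status = [string]$sig.Status           # Valid, NotSigned, HashMismatch, ...
            $publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                         else { '(none)' }
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Image = $image
            SigStatus = $status; Publisher = $publisher
        }
    }
}

# "Hide Microsoft entries": drop only entries whose signature is valid AND
# issued to Microsoft, so a file that merely claims to be Microsoft stays listed.
$entries |
    Where-Object { -not ($_.SigStatus -eq 'Valid' -and
                         $_.Publisher -match 'O=Microsoft Corporation') } |
    Sort-Object SigStatus, Name |
    Format-List Name, Image, SigStatus, Publisher, Key
```

Entries launched through a host such as rundll32.exe resolve to the host binary, so the DLL named in the launch string still needs to be checked by hand.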