Check running services also...
Run msconfig and check the currently active services. Any suspicious item seen, go to that source and remove it. Also keep your Temp files clean.
Sometimes that's just quicker
Not to mention at least then you're SURE there is nothing left from an infestation. From a corporate standpoint, once the system is compromised, it's hard to trust, due to the commonality of rootkits, and VERY sneaky installation/survival mechanisms.
A system usually CAN be cleaned completely, but it WILL take some time, especially if it's heavily infested. It's often easier (and you can be more confident it's clean) if you just pull off your files (and scan them THOROUGHLY), and reload the OS. Not to mention, oftentimes the infestation has damaged the OS as part of its survival tricks, and the repair is harder/longer than a simple re-install.
I have seen it many times, a system appears to be clean, only to have it revert within days to a zombie.
An Even Better Idea...
For corporate environments, create a Norton Ghost (or open-source alternative) image of a clean system. Update it periodically with patches and new apps. Once a system is compromised, dump the known-good image onto the PC. This technique lets me get a system up and running within about 30 minutes. Quick, simple and minimum down-time for the user.
I disagree with the necessity of flatten & rebuild until efforts
I disagree with the necessity of flatten & rebuild until efforts to clean have been tried.
There are plenty of tools to help out there, like IceSword & RootKitRevealer.
One thing which I strongly recommend is to run HijackThis on the system when it is clean and save its log. Makes it much easier to compare against a suspected infected system.
Return to known good but analyze
If you suspect that your system has been compromised, regardless of the INITIAL or APPARENT vector, you should be starting from a known good state. You need to trust your system, and if someone else has had control of it for any given period of time, there is no telling what else besides the vectors that you detect may be present. Read up on rootkits, stealth malware and the like. If you have the time, inclination, and resources, do a Ghost image of the INFECTED system. Then wipe it out and use a clean Ghost image to restore it to a good state. When you have time, restore the bad image to a sacrificial PC or VM session and follow the other advice above regarding sniffers and such. It is always good to know what the malware was, (could be keylogger, password capture, spam generator, who knows!) and take action to change anything that may have been compromised.
MadMark