Re: My Pharmacist Friend Called Me Yesterday
- From: "[_ '] |_| (_] ]_ |_| (_]" <cthulhu@xxxxxxxxxxxx>
- Date: Sun, 31 Jul 2005 20:21:55 -0700
"] |_| (_] _['' _['' ]-" /_\ |/_ [. Bitey:
> He said he had a lot of pop-ups coming into his third computer on the
> network. He has been on vacation in Alaska for about ten days and while
> he was gone he had temp help (several pharmacists taking turns) from a
> nearby hospital filling in for him. These pop-ups didn't start until after
> he was gone. Uh huh.. Who's been looking at p0rn? <hehehe>
>
> Anyway, I didn't know all that so I figured he just needed to go to
> Windows Update and download some patches and told him so. He insisted I
> come over to the store and take a look. Knowing he is just about
> computer illiterate I agreed to do that.
>
> Hoo boy.. I could not get IE to even start up, the virus definitions were
> a mere 352 days out-of-date and the spyware program he uses told me he was
> LOADED with all kinds of goodies but froze when asked to remove them. The
> computer C R A W L E D, his 1GB of memory notwithstanding. I could do
> NOTHING with it! He asked me what I would do and I told him it would take
> mucho sweat and tears to clean up that system so I would opt to scrub the
> drive and start from scratch. I've never seen anything like that before. I
> mean, nothing that was more fouled up and packed with not only spyware,
> malware and at least one trojan - but probably several. The task manager
> showed me most of what it had going on but wouldn't allow me to stop any
> of the "services". I guess I could have gone into Safe Mode and tried a
> few things there but DAAYAMMM, I would hate to have to do it on MY machine
> much less one with pharmaceutical pricing data that needed to be saved,
> and on a machine and OS (Windows 2000) that I was not familiar with.
>
> He had the guy who originally set up the system go over there today and
> the guy told him the same thing, scrub the drive. It was THAT bad. I got
> the shivers just thinking about it and right away decided I needed to run
> a spyware and virus scan on my machine just as soon as I got home.
> Everything turned up ~clean~, thank the gods. I WILL be paying more
> attention to keeping the updates going after seeing what all can happen
> without doing it.

Most of the time, the task manager won't let you stop service-based
processes on Windows. It is useful to find out which ones re-spawn though.
I usually check task manager, then services via admin tool thingy (kill
the services here), then registry. netstat -a and netstat -nr are useful
to check what connections the machine has established - and where to.
Other than that, HijackThis is a cool tool. (reboot, rinse, repeat...)

Since people often run programs I haven't worked with, I sometimes have to
check their program menus and desktop shortcuts to see what is legit and
what ain't.

Beyond that - if they know when something really started - and, being that
they are users, they won't give you a straight answer anyway (but on the
off chance) - you can sort files in the system folders, as well as the
program folders for modification by time.

Sad as it seems, antivirus software I have seen is completely ineffective
against malware and trojans (!). So, the time invested in cleaning a
machine by hand is rather great compared to the return.

It is more efficient to re-image the machine w/
Ghost/Altiris/ZEN/something like that...

What is really sad is that the users that hosed the system in the first
place will just hose it again.

I'm hearing that if you are able to lock down not only inbound traffic on
the firewall, but employ stringently exclusive rules even for outbound
traffic that the malware fight is easier and the usable connectivity is
better. [My work firewall totally sucks so I can't speak from experience
there]

--
Penguin on right shoulder: free
Beastie on left shoulder: free
Freedom from the Redmond theme: priceless...
/_\ ]_ ]_ _/ [_] [_] |7_ ]! /_\ _[" [. /_\ |7_ [.
]! [. ]_ [_] ]\[ [_, "] [_] (_] _["
[_ "] |_| (_] ]_ |_| (_]
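
As an added example (not part of the original post): the sort-by-modification-time check described in the reply above, written as a Python function that lists files changed inside a known window, oldest first. The function names, sample file names and dates are constructed for illustration; on a real machine the roots would be the system and program folders.

```python
import os
import stat
import tempfile
from datetime import datetime

def files_modified_between(roots, start, end):
    """Return [(mtime, path)] for regular files under roots changed in [start, end], oldest first."""
    hits = []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):  # unreadable dirs are skipped silently
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    info = os.lstat(path)  # lstat: do not follow links out of the tree
                except OSError:
                    continue  # locked or vanished files are normal on a live system
                if not stat.S_ISREG(info.st_mode):
                    continue
                mtime = datetime.fromtimestamp(info.st_mtime)
                if start <= mtime <= end:
                    hits.append((mtime, path))
    # mtime can be reset by whatever wrote the file, so treat hits as leads, not proof.
    return sorted(hits)

def make_sample_tree(base):
    """Constructed sample data: four files with hand-set modification times."""
    samples = {
        "notepad.exe": datetime(2003, 6, 1, 9, 0),    # long before the window
        "toolbar.dll": datetime(2005, 7, 23, 10, 0),  # inside the window
        "svch0st.exe": datetime(2005, 7, 25, 2, 14),  # inside the window
        "prices.dat": datetime(2005, 8, 2, 8, 30),    # after the window
    }
    for name, when in samples.items():
        path = os.path.join(base, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")
        os.utime(path, (when.timestamp(), when.timestamp()))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        make_sample_tree(demo)
        # Assumed window: the days the machine was in other hands.
        window = (datetime(2005, 7, 20), datetime(2005, 7, 31, 23, 59, 59))
        for mtime, path in files_modified_between([demo], *window):
            print(mtime.isoformat(sep=" "), path)
```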