Re: I think I have virus after all....
- From: Polychromic <macecil@xxxxxxxxx>
- Date: Fri, 11 Jan 2008 01:02:10 -0600
On Thu, 10 Jan 2008 23:26:59 GMT, Ashikaga <citizenashi@xxxxxxxxxxx>
wrote:
> Hi, :-(
> It's kinda weird and hard to believe. I think Hank has virus after all,
> even though it has software's firewall and router's firewall....
> I booted up my computer and found the task bar is all messed up....
> Whoever did the intrusion just wanted to be known s/he exists. After years
> of experience through having a job, I learned one thing dearly, human minds
> can be very irrational especially one who is very predetermined to conduct
> a crime. Perhaps my classes were dropped by the same person(s)?
> Anyways, that aside, now onto the practical. What's the most certain way
> to resecure the system? I tried to find you guys' recommendation for a
> good anti-virus software. Found the old post about Symantec Anti-virus
> Poly suggested (which must be bought in bulk, so that's out of the
> question), and an old thread about erimess's computer being compromised.
> And that's about it. Google group just isn't very good I think....
> Any help would be very appreciated. Thanks!

The most certain way? Zero the drive with something like DBaN
http://dban.sourceforge.net/, then reinstall the OS from scratch after
disconnecting your network cable. Install a good AV. Make sure the
firewall is working. Reconnect the network cable and update the OS and
AV. Restore from backups only files you are 100% certain are virus-free
and even then the AV scanner should be used on them first.

Most of the viruses I see these days are bot network worms or rootkit
types that try to hide from the OS. You can try and find them using a
clean boot. First pipe a list of all the files on the system drive to a
file while booted up normally. Then do a clean boot with your BartPE or
Linux disc. Pipe a list of all the files on the system drive to a file.
Compare the two lists. The differences will show the hidden files and
folders, but not the hidden registry entries. That takes additional
steps.

You might just want to run Mark Russinovich's tools AccessEnum and
RootkitRevealer on your system to see what might be out of place.
http://technet.microsoft.com/en-us/sysinternals/25e27bed-b251-4af4-b30a-c2a2a93a80d9.aspx?wt.svl=leftnav.aspx?wt.svl=leftnav

Another thing to do is to clear everything out of the \windows\prefetch
folder except layout.ini. Then reboot a few times and see if there are
any entries referencing files that you're not familiar with.

--
The Polychromic Dragon of the -=={UDIC}==-
Webpage http://macecil.googlepages.com/index.htm
RGCUD Dragon Gallery http://home.roadrunner.com/~rgcud/
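
The list comparison described in the reply above, as an added example that is not part of the original post. It assumes the live listing came from something like `dir /s /b /a-d C:\` and the clean-boot listing from a Linux disc with the drive mounted at a hypothetical `/mnt/win`; all sample paths are constructed.

```python
"""Cross-view diff: files seen from a clean boot but not by the running OS."""

def normalize(line, root):
    """Turn one listing line into a root-relative, case-folded path."""
    path = line.strip().replace("/", "\\")
    root = root.replace("/", "\\").rstrip("\\")
    # Strip the drive letter or mount point so both views share one namespace.
    if path.lower().startswith(root.lower() + "\\"):
        path = path[len(root):]
    # NTFS names are case-insensitive, so compare case-folded.
    return path.lstrip("\\").casefold()

def load(lines, root):
    return {p for p in (normalize(l, root) for l in lines) if p}

def cross_view_diff(live_lines, live_root, offline_lines, offline_root):
    live = load(live_lines, live_root)
    offline = load(offline_lines, offline_root)
    hidden = sorted(offline - live)     # on disk, but not reported by the live OS
    live_only = sorted(live - offline)  # usually temp-file churn between listings
    return hidden, live_only

# Constructed sample listings (not taken from any real system).
LIVE = [
    "C:\\WINDOWS\\system32\\kernel32.dll",
    "C:\\WINDOWS\\system32\\drivers\\tcpip.sys",
    "C:\\Documents and Settings\\user\\ntuser.dat",
    "C:\\WINDOWS\\Temp\\boot1.tmp",
]
OFFLINE = [
    "/mnt/win/WINDOWS/system32/kernel32.dll",
    "/mnt/win/WINDOWS/system32/drivers/tcpip.sys",
    "/mnt/win/WINDOWS/system32/drivers/example_hidden.sys",
    "/mnt/win/Documents and Settings/user/NTUSER.DAT",
]

if __name__ == "__main__":
    hidden, live_only = cross_view_diff(LIVE, "C:", OFFLINE, "/mnt/win")
    print("Present on disk but hidden from the running OS:")
    for p in hidden:
        print("  ", p)
    print("Seen only while running (likely normal churn):")
    for p in live_only:
        print("  ", p)
```

Entries in the first group are only candidates: files deleted between the two listings also land there, so check each one before acting on it.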