Re: *** spammers

On Wed, 04 Jan 2006 17:06:21 +0000, Mike <mike@xxxxxxxxxxxx> wrote:

>>A virus is simply a computer program that is loaded from
>>the HDD the same as any other program. If you can positively identify
>>which files contain the unwanted code, remove all references to them
>>and delete them or otherwise prevent them from being executed, you
>>have "cleaned" the system just as well as you would by formatting &
>>reloading the operating system.

>There's the rub. It's never possible to be sure that you've
>identified all the changed files (except perhaps if you have something
>like MD5 sums of all the directories).

You can certainly do that with all the executable files on your system
- which will not change much.

>>Of course, a lot of things have to be checked, and is is *possible*
>>that malicious code exists that is undetected, or that somewhere along
>>the line your wanted code has been adversely damaged (altered). So it
>>is true to say that the only way to be *certain* that the system is
>>100% uncompromised is to clear the HDD and start again from scratch

>which is exactly what I said! In practice, it's impossible to be sure
>that a back-door into the system hasn't been left.

Just as it is impossible to be sure that you are not infected by a
worm or exploit within seconds after connecting to the Internet after
spending the past several days reinstalling your system, your
applications and hunting down keys etc. So your "solution" is no more
certain than using a good cleaning system and hoping that it has found
all there is to find.

--
Cynic

.