[Discuss] Linux bootable tool to clean Windows NTFS infections?

Rich Pieri richard.pieri at gmail.com
Fri Dec 14 14:40:10 EST 2012


On Fri, 14 Dec 2012 16:16:42 +0000
"Edward Ned Harvey (blu)" <blu at nedharvey.com> wrote:

> norton/eset/mcafee/microsoft.  It cleans, it passes the tests, and
> two weeks later, that machine is infected again, but nobody else on
> the network has the infection.  Reformat once, and problem never
> comes back.

A while back we had a user's workstation infected with something, I
don't remember exactly what. We wiped and reinstalled it (Windows XP),
patched it to current, made sure that it was really clean based on load
and network traffic (the malware had an identifiable traffic signature)
and a scan with a Backtrack (IIRC) live CD.

It was reinfected two days later.

So we went back and this time around we got lucky and found the
root cause: a PDF mail attachment. The actual file was stored in the
user's mailbox on the mail server so the wipe never got rid of the
initial vector. Sure enough, as soon as the user opened up that PDF
again his computer was reinfected.

At which point I swore at Adobe a lot.

-- 
Rich P.
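The root cause in the story above survived the wipe because it lived in the user's mailbox, not on the workstation. As an added example (not from the original post, and not any tool it mentions), this Python script walks one raw message's MIME parts, hashes every PDF attachment and flags PDF name objects that commonly carry the active content in document-based infection chains, so an admin can triage a mailbox before handing a rebuilt machine back. The sample message, the PDF skeleton and the key list are constructed assumptions; a hit is a triage signal, not proof of malice.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# PDF name objects that commonly carry the active content in document-based
# infection chains. A hit is a triage signal for the admin, not proof of malice.
RISKY_PDF_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                  b"/Launch", b"/EmbeddedFile")

def scan_message(raw_bytes):
    """Return (filename, sha256, risky_keys) for each PDF attached to one
    raw RFC 5322 message, e.g. one pulled from the user's server mailbox."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename() or ""
        if not (part.get_content_type() == "application/pdf"
                or filename.lower().endswith(".pdf")):
            continue
        payload = part.get_payload(decode=True) or b""   # transfer encoding undone
        digest = hashlib.sha256(payload).hexdigest()      # stable ID for the file
        # \b stops "/JS" from matching inside "/JavaScript" and similar names.
        hits = [k.decode() for k in RISKY_PDF_KEYS
                if re.search(re.escape(k) + rb"\b", payload)]
        findings.append((filename, digest, hits))
    return findings

# Constructed sample (assumption): a minimal PDF skeleton whose catalog has an
# /OpenAction pointing at a JavaScript action. Not a working document or exploit.
SAMPLE_PDF = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
              b"2 0 obj << /S /JavaScript /JS (constructed placeholder) >> endobj\n"
              b"%%EOF\n")

def build_sample_message():
    """Constructed mail: benign text body plus SAMPLE_PDF as an attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(SAMPLE_PDF, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    return msg.as_bytes()
```

To run it over a real server-side mailbox, feed `scan_message` each message's raw bytes (for example from Python's `mailbox` module) and keep the hash so the same attachment can be recognised if it reappears.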


