Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Linux bootable tool to clean Windows NTFS infections?



On Fri, 14 Dec 2012 16:16:42 +0000
"Edward Ned Harvey (blu)" <blu at nedharvey.com> wrote:

> norton/eset/mcafee/microsoft.  It cleans, it passes the tests, and
> two weeks later, that machine is infected again, but nobody else on
> the network has the infection.  Reformat once, and problem never
> comes back.

A while back we had a user's workstation infected with something, I
don't remember exactly what. We wiped and reinstalled it (Windows XP),
patched it to current, made sure that it was really clean based on load
and network traffic (the malware had an identifiable traffic signature)
and a scan with a Backtrack (IIRC) live CD.

It was reinfected two days later.

So we went back and this time around we got lucky and found the
root cause: a PDF mail attachment. The actual file was stored in the
user's mailbox on the mail server so the wipe never got rid of the
initial vector. Sure enough, as soon as the user opened up that PDF
again his computer was reinfected.

At which point I swore at Adobe a lot.

-- 
Rich P.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org