Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] virus?



On Tue, Oct 28, 2014 at 7:18 AM, Edward Ned Harvey (blu)
<blu at nedharvey.com> wrote:
> - and you clean the virus, apply updates and close the hole -
>  Viruses always install additional hooks or backdoors in order to get themselves back in after cleaning.
> The only effective defense is to completely nuke the affected systems after infection (reinstall the OS).

This is correct on Linux/BSD where the hiding places are asymptotic to
the size of the filesystem.

This was quite true in the old days for Windows too.

These days, MS provides a central Registry for applications (and
incidentally viruses) to consolidate ALL their hooks in a
single-point-of-fail. Mixed blessing that. But the Windows Trojan
authors are as lazy as App authors, so they generally innovate only in
how they hide their hooks in Registry to prevent manual disinfection
and delay automated disinfection by a few days, rather than think up
new hidden hook technology.
   This Trojan is written in VB6. Not gonna be very innovative.
   MS's free security scanner/repair tools are quite good at finding
bad Registry entries and expunging them without breaking other apps.
(They're the only MS Apps I recommend.)

(Might want to backup registry first just incase it decides Lab
controller needs expunging but ...)

Manual Cleaning won't work.
Automated cleaning with 2+ brands of AV including the free MS tools
doesn't ALWAYS work, but it usually does, and is worth a try if
wipe-and-rebuild is awkward or worse.

-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org