BLU Discuss list archive
[Discuss] virus?
- Subject: [Discuss] virus?
- From: bill.n1vux at gmail.com (Bill Ricker)
- Date: Tue, 28 Oct 2014 12:07:25 -0400
- In-reply-to: <17ff09e3fd184c0ab6fadb7440277c74@BN3PR0401MB1204.namprd04.prod.outlook.com>
- References: <544EC564.3050307@stephenadler.com> <17ff09e3fd184c0ab6fadb7440277c74@BN3PR0401MB1204.namprd04.prod.outlook.com>
On Tue, Oct 28, 2014 at 7:18 AM, Edward Ned Harvey (blu) <blu at nedharvey.com> wrote:
> - and you clean the virus, apply updates and close the hole -
> Viruses always install additional hooks or backdoors in order to get themselves back in after cleaning.
> The only effective defense is to completely nuke the affected systems after infection (reinstall the OS).

This is correct on Linux/BSD where the hiding places are asymptotic to the size of the filesystem.

This was quite true in the old days for Windows too. These days, MS provides a central Registry for applications (and incidentally viruses) to consolidate ALL their hooks in a single-point-of-fail. Mixed blessing that.

But the Windows Trojan authors are as lazy as App authors, so they generally innovate only in how they hide their hooks in Registry to prevent manual disinfection and delay automated disinfection by a few days, rather than think up new hidden hook technology. This Trojan is written in VB6. Not gonna be very innovative.

MS's free security scanner/repair tools are quite good at finding bad Registry entries and expunging them without breaking other apps. (They're the only MS Apps I recommend.) (Might want to back up registry first just in case it decides Lab controller needs expunging but ...)

Manual Cleaning won't work. Automated cleaning with 2+ brands of AV including the free MS tools doesn't ALWAYS work, but it usually does, and is worth a try if wipe-and-rebuild is awkward or worse.

--
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux