Re: Hijack Logs To Tom Coyote



John Gregory wrote:

I'm hoping I may not have to flatten and rebuild because that's going
to be a bit of a job for me.

If your system was compromised, then flattening and rebuilding is the
only reasonable way to regain a trusted and reliable system. And exactly
because it's so time-consuming, you should consider some things:

- When utilizing the Least Privilege principle correctly, you only need to
flatten the user's account.
- Avoiding the malware in the first place saves you from such circumstances.
- Backups are great!

Years ago, I began putting all my user files and critical program
files that setup the various programs I use into one folder set
separate from "My Documents".

"My Documents" is a confusing and useless redirect within the file system.

The plan was to automate backup of that entire file set.

Hm... xcopy $src $dst /m /d /e /c /i /f /h /z ? What a hard plan. :-)

I know... don't even say it. What an idiot I've been.

Point is that you cannot trust compromised data. So the programs need to
be downloaded or copied again, whereas the non-executable user data
should be carefully analyzed for sanity. For your favorite pr0n JPEG
collection or your savegames this might not make any difference, but is
relevant for f.e. a spreadsheet with money accounting data - one
additional '0' in your tax declaration could become a serious problem.

As for reading those logs... I don't have that level of knowledge. It
has to be done by those people on the forums.

Hijackthis gives a pretty clear description of what these log entries are
telling. Usually the rest is actually an interpretation based on what
you know about your system (software installation base, configuration).
F.e. I'm fully aware that my HOSTS file has been relocated and is not
writable as a restricted user :-)

Any suggestions you can give (and I'll take the chiding. I deserve
it.) would be appreciated.

Fix your quoting. :-)