Re: Hijack Logs To Tom Coyote
- From: Sebastian Gottschalk <seppi@xxxxxxxxx>
- Date: Tue, 13 Jun 2006 20:51:43 +0200
John Gregory wrote:
> I'm hoping I may not have to flatten and rebuild because that's going
> to be a bit of a job for me.
If your system was compromised, then flattening and rebuilding is the
only reasonable way to regain a trusted and reliable system. And exactly
because it's so time-consuming, you should consider some things:
- When utilizing the Least Privilege principle correctly, you only need to
flatten the user's account.
- Avoiding the malware in the first place saves you from such circumstances.
- Backups are great!
> Years ago, I began putting all my user files and critical program
> files that setup the various programs I use into one folder set
> separate from "My Documents".
"My Documents" is a confusing and useless redirect within the file system.
> The plan was to automate backup of that entire file set.
Hm... xcopy $src $dst /m /d /e /c /i /f /h /z ? What a hard plan. :-)
> I know... don't even say it. What an idiot I've been.
Point is that you cannot trust compromised data. So the programs need to
be downloaded or copied again, whereas the non-executable user data
should be carefully analyzed for sanity. For your favorite pr0n JPEG
collection or your savegames this might not make any difference, but it is
relevant for f.e. a spreadsheet with money accounting data - one
additional '0' in your tax declaration could become a serious problem.
> As for reading those logs... I don't have that level of knowledge. It
> has to be done by those people on the forums.
HijackThis gives a pretty clear description of what these log entries are
telling. Usually the rest is actually an interpretation based on what
you know about your system (software installation base, configuration).
F.e. I'm fully aware that my HOSTS file has been relocated and is not
writable as a restricted user :-)
> Any suggestions you can give (and I'll take the chiding. I deserve
> it.) would be appreciated.
Fix your quoting. :-)