Re: scared ??itless

From: Philip Herlihy (foof8501_at_herlihy.eu.veil.com)
Date: 10/20/04


Date: Wed, 20 Oct 2004 10:33:22 +0100

If you can get the machine booted in safe mode (tap F8 every couple of
seconds as the machine boots until you get a menu offering that option) and
you can get Administrator privileges, then you have a chance. Otherwise, I
wouldn't delay reinstalling.

Unplug the wireless card first. Then reboot into Safe Mode. Remove all
other administrators. Then get any data (& settings, account information,
etc) you can off the machine (a USB external hard drive is good for this).
Then decide whether you want the long haul of trying to track down and
remove every trace of these intrusions, or whether it's simply better to
reinstall anyway.

The key elements of security:
1 don't be gullible when online
2 Firewall
3 Antivirus
4 Windows updates (XP SP2 is the most secure version yet)
5 strong passwords
6 don't run as an administrator when you don't have to.

When deciding whether to reinstall, consider this: years ago, when I was a
Unix beardie, I stumbled on a single bit (ie 1 or 0) which, if changed from
its normal setting, would give me superuser access to any machine (provided
I had physical console access in this case). Completely undetectable unless
you knew the trick and went looking for it. Are you confident that you'll
ever get your machine to the state where you've removed everything
equivalent in Windows? Sorry I don't have better news for you...

I've just thought of one other remote possibility. If your machine is part
of a domain (only likely if it's part of an office network) then you may be
able to mount your hard drive as a passive (non-booting) second disk on
another machine in the same domain. Because it's the same domain, you'll be
able to access the files by logging on to the new host machine. If you try to
mount the disk on any other machine, you'll find the NTFS file permissions
will do a good job of denying you access to your files. Of course, if the
disk is FAT32, then it'll work regardless. You can get external USB drive
adapters quite cheaply (£25). I'd still be inclined to salvage the data and
then reinstall, though.

I've meant for some time to ask if there is a way round the NTFS "problem"
when mounting a drive on another machine. I'll break this out into a second
thread (as you have other things on your mind).

-- 
####################
##  PH, London
####################
"mara" <mara@discussions.microsoft.com> wrote in message 
news:F24F83D1-D027-4031-ACE7-A06DE318BFF8@microsoft.com...
> could someone please advise me on a solution short of completely erasing my
> hard drive.  my pc has been taken over by someone.  I can't even run any
> virus scans.  They get to a certain point and BOOM the pc turns off without
> warning? No shutdown warning, no blue screen just black.  This also occurred
> if i was on the web researching possible viral infection symptoms.  There
> are a bunch of weird entries in the registry, and there are now 2 other
> administrators, they have even limited my authority!  now i can't even get
> on internet.  I check my status for my wireless card and it is sending
> millions of packets out but to who.  there is now an incoming client on my
> network connections.  any ideas. please
> thanks,
> marianne

