Re: cOOL
From: cquirke (MVP Win9x) (cquirkenews_at_nospam.mvps.org)
Date: 12/05/04
- Next message: paintpearl: "Re: cOOL"
- Previous message: Tret: "RE: ope5b.exe"
- In reply to: Malke: "Re: cOOL"
- Next in thread: Malke: "Re: cOOL"
- Reply: Malke: "Re: cOOL"
Date: Sun, 05 Dec 2004 21:51:35 +0200
On Sun, 05 Dec 2004 05:05:54 -0800, Malke
>paintpearl wrote:
>All scans should be done in Safe Mode.
Hi Malke!
>1) Scan in Safe Mode with current version (not earlier than 2003)
>antivirus using updated definitions.
I've wondered what "not earlier than 2003" refers to - specifically,
Norton? I'd have thought if an engine was new enough to still get
updates, it would be new enough to use.
I wonder what % of infected PCs have malware < 1 week old at time of
infection? After all, there's a lot of selection pressure exerted by
ISPs that scan for currently-known malware, etc.
If, as I suspect, a large % of ITW attacks will be < 1 week old, then
the av simply has to be freshly updated to be relevant.
Not to say old attacks are gone, e.g. there are still plenty of old
Lovesan/Blaster direct attacks etc. out there.
>2) Remove spyware ... a good idea to do in Safe Mode.
You may need to repeat these scans on a per-account basis, given that
they often patch in within account-specific settings that may be
missed when scanning from the admin account in Safe Mode.
>3) With XP, you can delete all but the most recent (presumably
>clean) System Restore point
You can only presume the most recent restore point to be clean if you
know it was done after the PC was cleaned. The best way to know that,
is by manually creating a restore point straight after cleaning up.
So my advice would be to purge all restore points straight after
cleaning the PC, and then immediately make a new baseline restore
point (as well as other fall-backs, e.g. in Spyware Blaster, HOSTS
etc.). That approach can apply to both WinME and XP.
>4) Make sure you've visited Windows Update and applied all security
>patches. Do not install driver updates from Windows Update.
Amen
>5) Run a firewall.
Yep. Also, verify that your av and firewall are working, and that
they can update themselves - given how many malware attack and disable
these defences, and how such damage can persist after malware's gone.
<links slurped and burped to Notepad for laater>
>--------------- ---- --- -- - - - -
I'm baaaack!
>--------------- ---- --- -- - - - -