Re: In order to remove executed malware, reinstall your operating system



Root Kit wrote:
> On Tue, 24 Jun 2008 20:00:10 -0400, kurt wismer <kurtw@xxxxxxxxxxxx>
> wrote:
>
>> and analysis will be hard after you've flattened the box... analysis first, then removal...
>
> Since an infected machine cannot be trusted,

technically it's the suspect environment that can't be trusted... despite hand waving about hardware {whatever}'s, they are as yet not credible threats so you should be able to boot a suspect machine from a known-clean bootable removable medium and trust that environment...

> you cannot do proper
> analysis on the infected system anyway. If you want to do such a thing
> you can keep a mirror of the system for later analysis.

indeed you can, but since people have been advocating "flatten and rebuild" rather than "make an image, flatten and rebuild" we arrive once again at presenting purely removal advice to people who need recovery...

also, doing removal before diagnosis has the very likely chance of putting the system back into harm's way without taking the steps needed to prevent the exact same compromise from happening again...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
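The "make an image, flatten and rebuild" step from the post above, as an added shell example that is not part of the thread: run from a known-clean bootable medium, it copies the suspect disk sector by sector to an image file, hashes source and image independently, records both hashes and dd's block report beside the image, and succeeds only if the hashes match. It assumes GNU coreutils (dd, sha256sum); the device and image paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Image a suspect disk BEFORE flattening it,
# so diagnosis remains possible after the rebuild. Assumes GNU dd and sha256sum.
#
# Usage: image_suspect_disk <source-device> <image-path>
#   e.g. image_suspect_disk /dev/sdX /mnt/evidence/suspect.img   (placeholder paths)
# Returns 0 only if the image's SHA-256 matches the source's SHA-256.
image_suspect_disk() {
    src="$1"
    img="$2"

    # Never write the image onto the disk being imaged.
    if [ "$src" = "$img" ]; then
        echo "refusing to image a disk onto itself" >&2
        return 1
    fi

    # Sector-sized blocks with noerror,sync: an unreadable sector is zero-padded
    # and the copy continues instead of aborting, and good sectors keep their
    # alignment. dd's own record count goes to a log file kept with the image.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>"$img.dd.log" || return 1

    # Hash source and image independently and keep both hashes with the image.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum "$img" | cut -d' ' -f1)
    printf 'source %s\nimage  %s\n' "$src_hash" "$img_hash" > "$img.sha256"

    # A mismatch means dd hit unreadable sectors (check the log) or the source
    # changed while being read; either way the image is not a faithful copy.
    [ "$src_hash" = "$img_hash" ]
}
```

A mismatch is not necessarily a failed copy: the dd log shows whether padding of unreadable sectors explains it, and that should be recorded with the image.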