Re: adwware

From: Marco Ellmann (news.20.kobalt_at_spamgourmet.com)
Date: 01/17/05

• Next message: Eugene Taylor: "Re: Remote Desktop thru VPN and Network Security"
• Previous message: Phillip Windell: "Re: Canceling an account"
• In reply to: Malke: "Re: adwware"
• Next in thread: Bigbruva: "Re: adwware"
• Reply: Bigbruva: "Re: adwware"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 17 Jan 2005 23:11:15 +0100

>>Does anyone have any suggestions as to what I should do to get rid of
>>these pests?
>>Thank you!!
>>Judy
>
>
> Update all the tools you have and scan with them in Safe Mode.
>
> Malke

NO, that it not the solution!
It sounds hard, but the _only_ solution for a compromised system is to
completely erase the system partition and reinstall the operating system
from a clean boot media.
Then you have to install all available updates and hotfixes, add a user
with restricted system rights and use only this account for surfing in
the future.
And you should consider using another browser like firefox, not the
buggy internet explorer.
Also make clear, that only necessary system services are running and
deactivate for example NetBIOS, SSPD, DCOM, ALG, microsoft-ds if you
don't use them.

look here, even Microsoft explaines, why this rigorous action is the
only way:
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

"You can’t clean a compromised system by removing the back doors"
"You can’t clean a compromised system by using some “vulnerability
remover.” "
"You can’t clean a compromised system by using a virus scanner"
"The only way to clean a compromised system is to flatten and rebuild."

Also look for the "10 Immutable Laws of Security"
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Regards

Marco Ellmann

---

• Next message: Eugene Taylor: "Re: Remote Desktop thru VPN and Network Security"
• Previous message: Phillip Windell: "Re: Canceling an account"
• In reply to: Malke: "Re: adwware"
• Next in thread: Bigbruva: "Re: adwware"
• Reply: Bigbruva: "Re: adwware"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Why we patch..... ... You can't clean a compromised system by patching it. ... the attacker ... You can't clean a compromised system by removing the back doors. ... You can't clean a compromised system by using some "vulnerability ... (microsoft.public.windows.server.sbs) Re: Am I hacked? ... the attacker ... You can't clean a compromised system by removing the back doors. ... >> published vulnerability removers for Blaster. ... (microsoft.public.windows.server.sbs) Re: Very Slow XP Shutdown ... You can.t clean a compromised system by patching it. ... You can.t clean a compromised system by removing the back doors. ... You can never guarantee that you found all the back doors the attacker ... You can.t clean a compromised system by using some .vulnerability ... (microsoft.public.security.virus) Re: Very Slow XP Shutdown ... You can.t clean a compromised system by patching it. ... You can.t clean a compromised system by removing the back doors. ... You can never guarantee that you found all the back doors the attacker ... You can.t clean a compromised system by using some .vulnerability ... (microsoft.public.security.virus) OT: Why we patch..... ... You can’t clean a compromised system by patching it. ... the attacker ... You can’t clean a compromised system by removing the back doors. ... You can’t clean a compromised system by using some “vulnerability ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2005-01