From: Marco Ellmann (news.20.kobalt_at_spamgourmet.com)
Date: Mon, 17 Jan 2005 23:11:15 +0100
>>Does anyone have any suggestions as to what I should do to get rid of
> Update all the tools you have and scan with them in Safe Mode.
NO, that is not the solution!
It sounds hard, but the _only_ solution for a compromised system is to
completely erase the system partition and reinstall the operating system
from a clean boot media.
Then you have to install all available updates and hotfixes, add a user
with restricted system rights and use only this account for surfing in
And you should consider using another browser like Firefox, not the
buggy Internet Explorer.
Also make sure that only necessary system services are running and
deactivate for example NetBIOS, SSDP, DCOM, ALG, microsoft-ds if you
don't use them.
Look here, even Microsoft explains why this rigorous action is the
"You can’t clean a compromised system by removing the back doors"
"You can’t clean a compromised system by using some “vulnerability
"You can’t clean a compromised system by using a virus scanner"
"The only way to clean a compromised system is to flatten and rebuild."
Also look for the "10 Immutable Laws of Security"
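
Added example, not part of the original post: one way to check the advice about unused services after a rebuild is to parse `netstat -an` output and flag listeners on the well-known ports of the services the post names. The sample output, the addresses and the `exposed_listeners` helper are constructed for illustration.

```python
import re

# Well-known ports of the services named in the post. ALG has no fixed
# port, so it cannot be spotted this way and is left out.
WATCHED = {
    ("TCP", 135): "DCOM / RPC endpoint mapper",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "microsoft-ds",
    ("UDP", 1900): "SSDP",
}

# proto, local address, local port, foreign address, optional state
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:445        ESTABLISHED
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
  UDP    192.168.1.20:1900      *:*
  UDP    127.0.0.1:1900         *:*
"""

def exposed_listeners(netstat_text):
    """Return sorted (proto, port, address, service) for watched listeners."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, addr, port, state = m[1], m[2], int(m[3]), m[4]
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing sockets are not listeners
        if addr.strip("[]") in ("127.0.0.1", "::1"):
            continue  # loopback-only sockets are not reachable remotely
        service = WATCHED.get((proto, port))
        if service:
            found.add((proto, port, addr, service))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, addr, service in exposed_listeners(SAMPLE):
        print(f"{proto}/{port} on {addr}: {service} still listening")
```

An empty result only means none of the watched ports is bound on a non-loopback address; it says nothing about whether the system is clean.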