Re: adwware

From: Marco Ellmann (news.20.kobalt_at_spamgourmet.com)
Date: 01/17/05


Date: Mon, 17 Jan 2005 23:11:15 +0100


>>Does anyone have any suggestions as to what I should do to get rid of
>>these pests?
>>Thank you!!
>>Judy
>
>
> Update all the tools you have and scan with them in Safe Mode.
>
> Malke

NO, that it not the solution!
It sounds hard, but the _only_ solution for a compromised system is to
completely erase the system partition and reinstall the operating system
from a clean boot media.
Then you have to install all available updates and hotfixes, add a user
with restricted system rights and use only this account for surfing in
the future.
And you should consider using another browser like firefox, not the
buggy internet explorer.
Also make clear, that only necessary system services are running and
deactivate for example NetBIOS, SSPD, DCOM, ALG, microsoft-ds if you
don't use them.

look here, even Microsoft explaines, why this rigorous action is the
only way:
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

"You canít clean a compromised system by removing the back doors"
"You canít clean a compromised system by using some ďvulnerability
remover.Ē "
"You canít clean a compromised system by using a virus scanner"
"The only way to clean a compromised system is to flatten and rebuild."

Also look for the "10 Immutable Laws of Security"
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Regards

Marco Ellmann



Relevant Pages

  • Re: Why we patch.....
    ... You can't clean a compromised system by patching it. ... the attacker ... You can't clean a compromised system by removing the back doors. ... You can't clean a compromised system by using some "vulnerability ...
    (microsoft.public.windows.server.sbs)
  • Re: Am I hacked?
    ... the attacker ... You can't clean a compromised system by removing the back doors. ... >> published vulnerability removers for Blaster. ...
    (microsoft.public.windows.server.sbs)
  • Re: Very Slow XP Shutdown
    ... You can.t clean a compromised system by patching it. ... You can.t clean a compromised system by removing the back doors. ... You can never guarantee that you found all the back doors the attacker ... You can.t clean a compromised system by using some .vulnerability ...
    (microsoft.public.security.virus)
  • Re: Am I hacked?
    ... the attacker ... You canít clean a compromised system by removing the back doors. ... > published vulnerability removers for Blaster. ...
    (microsoft.public.windows.server.sbs)
  • Re: Very Slow XP Shutdown
    ... You can.t clean a compromised system by patching it. ... You can.t clean a compromised system by removing the back doors. ... You can never guarantee that you found all the back doors the attacker ... You can.t clean a compromised system by using some .vulnerability ...
    (microsoft.public.security.virus)