Re: Klone Virus



From: "Stefan Kanthak" <postmaster@[127.0.0.1]>


|
| Right, this is way too far (although it's the only reliable way to run any
| scanner; but don't forget that you NEVER can prove the absence of malware)!
|
| http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
| http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx
|
| A simple clean reinstall wiping all disks (by formatting them with NTFS)
| cleans all those malware for sure*.
| Any other means are just RIDICULOUS: "better be safe than sorry"!
|
| You, and Joe Average too, can't clean a compromised system. Especially in
| case of a Trojan it's NOT sufficient to remove the Trojan, you'll have to
| find ALL the Greeks that swamped the system!
|
| [braindead fullquote removed]
|
| Stefan
|
| * Don't forget to install XP Service Pack 2 BEFORE you connect the freshly
| installed system to ANY network.
| AND: create "restricted user" accounts for EVERY user of the system,
| NEVER use the initially created "administrator" account for any work
| except system administration.
| Also consider turning on SRP and allow execution only in %SystemRoot% and
| beyond as well as %ProgramFiles% and beyond.

Wiping a computer can be like hitting a fly with a sledge hammer. One must make a CBA prior
to such action and if and only if it is deemed necessary it should be done after data has
been backed up.

While a Klone Trojan might be difficult to remove, it is NOT a good reason to wipe a PC
unless the performer is inexperienced and has exhausted all options.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

