Disinfecting a PC… part 11



All in all, what I’ve documented was a bit over three hours’ worth of attention to the machine (much more for the full scans, but I didn’t have to stand and watch them.) I didn’t document a side trip to a second antivirus scanner. It’s nice to see a system cleaned up that had been so thoroughly infected. There are a couple of other notes I should pass along though. When a system has been trojaned the BEST advice is to wipe the disc and reinstall from scratch. (Erase/reformat/install from scratch.)


That’s the best way to make sure that nothing else is trojaned. (Maybe a bug dropped a rootkit that is invisible to Windows – much like the Sony XCP Digital Rights software did?) Certainly, it’s not something you WANT to be doing. The time spent usually turns out about the same either way (uninstall, or wipe and reinstall). One of the more time consuming processes is finding the files to salvage.

After the reinstall and cleaning I also ran netstat /a to see if there was anything listening on a network port that looked suspicious, however in reality a rootkit could hide such entries. From what I was able to see from another networked computer nothing looked suspicious though.
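The cross-check described above, comparing what the machine itself reports with what another computer on the network can see, is the useful part: a rootkit can filter the local `netstat` listing, but it cannot hide a port from a probe sent over the wire. The following script is an added example and is not part of the original post. It parses Windows-style `netstat -an` output captured on the suspect machine, parses a list of ports that a second host found open, and reports any port reachable from outside that the local listing does not admit to. Both inputs are constructed sample data; the TCP port 31337 entry is a made-up discrepancy included only so the report has something to show, not a finding about the machine in the post.

```python
import re
from typing import Dict, Set, Tuple

Socket = Tuple[str, int]  # (protocol, port)

# Constructed sample of "netstat -an" output as captured ON the suspect
# machine. These lines are invented for the example.
LOCAL_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.50:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.50:1054      192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Constructed list of ports that a probe from ANOTHER computer on the LAN
# found open on the same host. Port 31337 is a made-up discrepancy.
EXTERNAL_OPEN_PORTS: Set[Socket] = {
    ("TCP", 135), ("TCP", 139), ("TCP", 445), ("TCP", 31337),
}

# proto, local address ending in :port, foreign address, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def parse_listening(netstat_text: str) -> Set[Socket]:
    """Return the (proto, port) pairs the local netstat output shows as
    accepting traffic: TCP sockets in LISTENING state and every bound UDP
    socket (UDP lines carry no state column)."""
    listening: Set[Socket] = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines and blank lines
        proto, port, state = m.group(1), int(m.group(2)), m.group(3)
        if proto == "TCP" and state != "LISTENING":
            continue  # ESTABLISHED / TIME_WAIT etc. are not listeners
        listening.add((proto, port))
    return listening


def compare_views(local: Set[Socket], external: Set[Socket]) -> Dict[str, Set[Socket]]:
    """Split the two views into three buckets.

    hidden_locally: open from the network but absent from the local listing.
                    That is the rootkit-style discrepancy worth investigating.
    local_only:     listed locally but not reachable from outside, which is
                    normally just a host firewall or a loopback-bound service.
    agreed:         seen the same way from both sides.
    """
    return {
        "hidden_locally": external - local,
        "local_only": local - external,
        "agreed": local & external,
    }


def report(netstat_text: str, external: Set[Socket]) -> Dict[str, Set[Socket]]:
    """Parse the local listing and compare it with the external probe."""
    return compare_views(parse_listening(netstat_text), external)


if __name__ == "__main__":
    result = report(LOCAL_NETSTAT, EXTERNAL_OPEN_PORTS)
    for bucket, sockets in result.items():
        print(bucket)
        for proto, port in sorted(sockets):
            print(f"  {proto} {port}")
```

Only TCP ports appear in the external set here because a plain connect probe cannot tell whether a UDP port is open; the UDP 137 entry therefore lands in `local_only`, which is expected rather than suspicious. Anything in `hidden_locally` is the case the post warns about: a listener the machine's own tools refuse to show.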

The earliest malware on the disc seemed to date from August of 2004 (the system was worked on in early December 2005.) I advised that word be passed along that any passwords used for online banking or credit cards should be changed and the accounts monitored for suspicious activity. The truth is there is no good way to know that those details are secure. (Within all those trojans (?)) I didn’t go through each one for a detailed analysis, but I’d certainly consider at LEAST changing online passwords for sites visited from that machine.

It’s worth noting, I didn’t mention the system restore feature. It had been disabled when I first saw the system and one of the last things I did was re-enable it. The only other things I did were let it run a full scandisk and defrag (overnight – may as well.)

The last note to pass along is that the system’s user says it runs like new now. They’re going to make sure to keep the antivirus updated and try to be careful in their web browsing. It’s good to see another one cleaned up.
