Cleaning up after WMF exploit – is it clean?



So, I’ve got most of the baddies cleaned out and I’m not getting popups anymore. No nags on boot, the boot process is quicker, but is it really clean? I found a few files (winlogon.exe, alg.exe in particular) that could be legitimate windows file names. Am I running the good one, or the trojan? That is exactly why a clean install is usually the best treatment for a badly infested system. Ultimately to trust this cleaned system a bit better I would need to. Watch it for signs of peculiar network ports open or peculiar processes…..


Replace the suspected system files with known good copies from the Windows install disc or similar source (sp2 install), etc. ultimately I don’t know how long it would take to really say you could “trust” the platform again until it was wiped clean and reinstalled. The best advice if you’re considering a clean up like this is to think of it as a temporary step to control the infestation and get important files off.

Also, I would need to run antivirus scans on and off for some time (with updates) to increase my confidence that it’s clean. Anti-Spyware scans would be good as well.

There is at least one of step that I have failed to document in this series so far… I’ll deal with that in the next article.

Related Posts

Blog Traffic Exchange Related Posts
  • Qemu Windows XP install Well, I alluded yesterday to a struggle with installing Windows XP under Qemu. Here are some details on the long and (still winding) road. At this point I have a working XP install running under Qemu but, I've run out of disk space (2G) and need more space before I......
  • Wine-Doors the future of Windows software installing on Linux I just came across this article about wine-doors which sounds VERY promising. Of course, let me set the stage. Wine is a windows compatibility api for linux. The goal of wine is to allow windows applications to run on top of a linux system without modification (of the original windows......
  • How to Remove SoftVeteran | Soft Veteran Removal Guide SoftVeteran is the latest version of the long and seemingly never ending line of rogue antivirus programs known as the wini family. The most recent was SoftCop (see the SoftCop removal guide.) But, the line goes much further back.... Softsoldier (How to remove SoftSoldier), ( TrustFighter TrustFighter Removal Guide, TrustSoldier......
Blog Traffic Exchange Related Websites
  • Save Time, Money and Space in Over 80 Ways If you're looking for handy gadgets, tools and various items that can save you time, money or space (or all three!) this list of more than 80 top products is just what you need. Everyone's got saving money on their minds these days- whether your at the grocery store, or......
  • CounterSpy Guide CounterSpy is actually a 5 star rated anti-spyware program that you simply can’t afford to get without. A number of quality anti-virus/anti-spyware programs can be obtained, and CounterSpy is just one of several top quality utilities I’ve tested, and strongly recommend. However, it’s not the only good utility for defending......
  • How to Migrate a WP Installation from One Server to Another via Cpanel How to Migrate a WP Installation from One Server to Another via Cpanel. This post would serve as an announcement as well as a "How To". I recently moved from one hosting service to another to consolidate a part of my domains in 1 of my hosting servers and to......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site