[Discuss] virus?
Bill Ricker
bill.n1vux at gmail.com
Tue Oct 28 12:07:25 EDT 2014
On Tue, Oct 28, 2014 at 7:18 AM, Edward Ned Harvey (blu)
<blu at nedharvey.com> wrote:
> - and you clean the virus, apply updates and close the hole -
> Viruses always install additional hooks or backdoors in order to get themselves back in after cleaning.
> The only effective defense is to completely nuke the affected systems after infection (reinstall the OS).
This is correct on Linux/BSD where the hiding places are asymptotic to
the size of the filesystem.
This was quite true in the old days for Windows too.
These days, MS provides a central Registry for applications (and
incidentally viruses) to consolidate ALL their hooks in a
single-point-of-fail. Mixed blessing that. But the Windows Trojan
authors are as lazy as App authors, so they generally innovate only in
how they hide their hooks in Registry to prevent manual disinfection
and delay automated disinfection by a few days, rather than think up
new hidden hook technology.
This Trojan is written in VB6. Not gonna be very innovative.
MS's free security scanner/repair tools are quite good at finding
bad Registry entries and expunging them without breaking other apps.
(They're the only MS Apps I recommend.)
(Might want to backup registry first just incase it decides Lab
controller needs expunging but ...)
Manual Cleaning won't work.
Automated cleaning with 2+ brands of AV including the free MS tools
doesn't ALWAYS work, but it usually does, and is worth a try if
wipe-and-rebuild is awkward or worse.
--
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
More information about the Discuss
mailing list