Would you continue using a HD you disinfected--or do a clean reinstall or Ghost an older HD image?
RayLopez99
disinfected? Don't you feel better with a known PC that never had a
virus? Do you eat your own cooking?
BTW while this was my first Windows virus in a long while, I still
have confidence in Windows and would never switch to Linux--not worth
the loss of functionality.
RL
Thanks FromTheRafters. Using a stand alone CD provided (downloaded
from) by Kaspersky, running under LInux, which is ironic for a Windows
user like me but understandable (as you want to find rootkits), the
Kasperksy CD found an infection by "trojan-downloader.Win32.Agent.
{RANDOM FOUR LETTERS ADDED AT END}". Once I removed this (using the
same CD) I no longer get reboots. Problem solved.
Question: should I do a clean reinstall and/or reinstall from a month
ago when my system was known to be clean? Or can I trust Kaspersky
has removed this trojan?
My thoughts: I like doing a clean reinstall once in a while since you
get rid of junk programs that the Revo uninstaller (an excellent
program I use) or Windows Uninstall failed to completely remove. On
the other hand, why go through the several hours if not half a day's
worth of work to reinstall from a clean slate?
I'm leaning towards uninstall as well as changing passwords on all
online accounts in case this trojan was a keyboard logger (I don't
think it is--but there's so many variants of this trojan it's hard to
tell what it does).
Dustin
ae89-203...@a27g2000yqc.googlegroups.com:
> Just what the title says. Do you really feel good using a PC you
have
> disinfected? Don't you feel better with a known PC that never had a
> virus? Do you eat your own cooking?
It depends on what I found on the machine. for example, while messing
around with a malware sample a couple of years ago; it got loose. I
thought I cleaned everything up, but it did patch a few critical dll
files on me.
Once I replaced them with hash'd known good ones, the issue was
resolved. So for this case, reinstalling windows, then the apps, then
configuration of everything (which for this machine, is a lot! of
software)... disinfection was the better choice. I have every folder
contents hash'd and stored on read only media, so I can boot bart
anytime and replace bad/modded files.
IE: I took the time to do the prep work so I can recover from any
situation that might present itself.
That and the box is happily imaged via ghost to an external HD and
across the lan to the server.
> BTW while this was my first Windows virus in a long while, I still
> have confidence in Windows and would never switch to Linux--not worth
> the loss of functionality.
Did you actually have a virus or something else, Ray?
--
I am a sinner
Hold my prayers upto the sun
I am a sinner
Heaven's closed for what I've done.
JeffM
>[...]a PC you have disinfected?
>
The proper way to disinfect a PC
is to overwrite the Windoze partition with a Linux install.
"Disinfecting" includes getting rid of your easily-infected toy OS
and its easily-infected toy M$ filesystems.
Barring that,
overwrite ALL of the drives containing Windoze filesystems.
DBAN has been pointed out to you before
as has the Linux dd command.
Other than overwriting EVERYTHING that uses M$ "technology",
there is no other way to be sure
that you have gotten ALL the infections off a Windoze system.
(aka "Nuke it from orbit; it's the only way to be sure.")
>Don't you feel better with a known PC that never had a virus?
>
Fantasy.
You can NEVER be sure
that a Windoze box DOESN'T have an infection.
All you can know is that the anti-whatever app THAT YOU RAN
didn't find anything at the time you ran it.
The Black Hats are smarter than
your AV vendor and the M$ "designers" combined.
>I still have confidence in Windows
>
...and the Easter Bunny and Santa Claus.
>and would never switch to Linux
>
...yet you post your mindless Windoze drivel to a Linux group.
Loser.
Sjouke Burry
> Just what the title says. Do you really feel good using a PC you have
> disinfected? Don't you feel better with a known PC that never had a
> virus? Do you eat your own cooking?
I am writing this response from a computer, which had about 3 types of
viri removed from it in the last 7 years.
Never had to re-install XP.
Never needed the disk image copies I have on a backup disk.
So yes, I am feeling fine about using this computer.
RayLopez99
> RayLopez99 <raylope...@gmail.com> wrote in news:5974be1e-76cc-44c7-
> ae89-203bf953c...@a27g2000yqc.googlegroups.com:
>
>
>
> > Just what the title says. Do you really feel good using a PC you
> have
> > disinfected? Don't you feel better with a known PC that never had a
> > virus? Do you eat your own cooking?
>
> It depends on what I found on the machine. for example, while messing
> around with a malware sample a couple of years ago; it got loose. I
> thought I cleaned everything up, but it did patch a few critical dll
> files on me.
>
> Once I replaced them with hash'd known good ones, the issue was
> resolved. So for this case, reinstalling windows, then the apps, then
> configuration of everything (which for this machine, is a lot! of
> software)... disinfection was the better choice. I have every folder
> contents hash'd and stored on read only media, so I can boot bart
> anytime and replace bad/modded files.
Wow man, how do you do something like that? I've hash'd a single file
using some freeware tool but to hash every file in a HD must require
some proprietary software I would imagine. I think Microsoft should
do that for all system files: have a dictionary of known good hashes
and compare any changes to that dictionary,and at least warn the user
if these critical system file hashes change.
>
> IE: I took the time to do the prep work so I can recover from any
> situation that might present itself.
>
> That and the box is happily imaged via ghost to an external HD and
> across the lan to the server.
>
> > BTW while this was my first Windows virus in a long while, I still
> > have confidence in Windows and would never switch to Linux--not worth
> > the loss of functionality.
>
> Did you actually have a virus or something else, Ray?
Yes Kaspersky recognized it as Trojan-Downloader.Win32.Agent. This
Kaspersky was on a Linux DVD and run at boot time. Caught and removed
the virus, no more sudden reboots after that, but being paranoid I
went ahead and did a complete flatten and rebuild of my system (and
still doing it as we speak--I took a break just now to post here).
>
> --
> I am a sinner
> Hold my prayers upto the sun
> I am a sinner
> Heaven's closed for what I've done.
Did you kill somebody? Or just .killfile them? At least you're past
your unsanitary hand problem. ;-)
RL
RayLopez99
> Dopez wrote:
> >[...]a PC you have disinfected?
>
> The proper way to disinfect a PC
> is to overwrite the Windoze partition with a Linux install.
>
> "Disinfecting" includes getting rid of your easily-infected toy OS
> and its easily-infected toy M$ filesystems.
>
> Barring that,
> overwrite ALL of the drives containing Windoze filesystems.
> DBAN has been pointed out to you before
> as has the Linux dd command.
Oh, yes, you're the shithead that pointed out DBAN to me. Got news
for you pal: I tried DBAN, but since the MBR was corrupted, it (and
for that matter Acronis Disk Manager) refused to see the internal HD
on boot. Solution? Easy, just reinstall Windows (which has a format
command--I guess a "quick" format but still a format, on initial
installation), install Acronis, and then use Acronis (just to be extra
safe) to reformat, then install Windows again, and proceed.
"THANKS" --for nothing, you know-nothing.
>
> Other than overwriting EVERYTHING that uses M$ "technology",
> there is no other way to be sure
> that you have gotten ALL the infections off a Windoze system.
> (aka "Nuke it from orbit; it's the only way to be sure.")
>
> >Don't you feel better with a known PC that never had a virus?
>
> Fantasy.
> You can NEVER be sure
> that a Windoze box DOESN'T have an infection.
> All you can know is that the anti-whatever app THAT YOU RAN
> didn't find anything at the time you ran it.
>
> The Black Hats are smarter than
> your AV vendor and the M$ "designers" combined.
>
> >I still have confidence in Windows
>
> ...and the Easter Bunny and Santa Claus.
>
> >and would never switch to Linux
>
> ...yet you post your mindless Windoze drivel to a Linux group.
> Loser.
Ha ha ha. Thanks for the comedy, shithead. I can tell you've not got
any money and living off mommy.
RL
RayLopez99
wrote:
You are very brave, or very knowledgeable, or maybe both.
Good to you.
RL
chrisv
I nominate this as post of the day.
David H. Lipman
No you didn't - there is no such thing in relation to computer malware.
http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-virus.html
http://linuxmafia.com/~rick/faq/plural-of-virus.html
http://en.wikipedia.org/wiki/Plural_of_virus#Virus
--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
Humberto Wilson
useless rat shit "chrisv" <chr...@nospam.invalid> wrote in message
news:q9ls47t05i3l0n4o8...@4ax.com...
> JeffM wrote:
>
> I nominate this as post of the day.
>
I nominate you as the stupid fscking asshole of the year.
"chrisv" is a liar. "chrisv" is a piece of shit.
(PeteCresswell)
>Just what the title says. Do you really feel good using a PC you have
>disinfected? Don't you feel better with a known PC that never had a
>virus?
My bias is to not use such a PC - but it's not a religious issue.
Once you learn the ins and outs of keeping data and system on
separate drives, restoring from a known good image becomes close
to trivial - and that's the path I choose given the option.
--
PeteCresswell
FromTheRafters
Exactly - make the 'flatten and rebuild' scenario the less daunting and
it becomes a no-brainer.
Kari Laine
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
How many executable files pristine Windows XP contains - well quite a many.
Then you have installed other software for it.
That means millions of places a virus and a trojan can hide itself. They
can even install them self so that traditional anti-virus programs does
not see them.
Security experts (which I am not) have a very clear message. If machine
is infected - reinstall. It is a fact that infected machine can not ever
trusted.
--
Kari Laine
PICs, Displays,Relays - USB-SPI-I2C http://www.byvac.com
USB and FPGA boards http://www.ztex.de
I am just a happy customer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOTph+AAoJEPjW/Kjfref2FvgH+wVZjwSR61uCEo+InfCGkgLU
E2SjlGUSPGl1kgz/ykhybZkLEOrAeXdgoCAyULqwhfXd4htj9TU4ZfkfWJcBeNiv
cn6AMiGIJUznONjp8DhPFkSjpA01V4r083KZ7DHaN+d6+HEJ2tvWpLw3C9gYxsDD
Z1nROrI7U7gMCtMyXJEQpNpp0IU4a3TYDrTlpoWPn4kRcsidvKjYkFvkF3A0gtqN
veKJ8m59sILm3lm9QZLPsbSIA3dSXkRENN+ITK9cfMdDTV4NwUAC1tNX7BC4YeO2
dRu88Y8KVVBIGydL2KEMghxCdBbth6DyYI6JBqSWLkF7vlfaKNmZ7oFYYPJdSlk=
=yWBG
-----END PGP SIGNATURE-----
FromTheRafters
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
>
> On 08/19/2011 05:01 AM, Sjouke Burry wrote:
>> RayLopez99 wrote:
>>> Just what the title says. Do you really feel good using a PC you have
>>> disinfected? Don't you feel better with a known PC that never had a
>>> virus? Do you eat your own cooking?
>>
>> I am writing this response from a computer, which had about 3 types of
>> viri removed from it in the last 7 years.
>> Never had to re-install XP.
>> Never needed the disk image copies I have on a backup disk.
>> So yes, I am feeling fine about using this computer.
>
> How many executable files pristine Windows XP contains - well quite a many.
>
> Then you have installed other software for it.
>
> That means millions of places a virus and a trojan can hide itself. They
> can even install them self so that traditional anti-virus programs does
> not see them.
>
> Security experts (which I am not) have a very clear message. If machine
> is infected - reinstall. It is a fact that infected machine can not ever
> trusted.
It depends upon what was there. It is overkill to flatten and rebuild
over discovering some lame trojan.
David H. Lipman
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
>
> On 08/19/2011 05:01 AM, Sjouke Burry wrote:
>> RayLopez99 wrote:
>>> Just what the title says. Do you really feel good using a PC you have
>>> disinfected? Don't you feel better with a known PC that never had a
>>> virus? Do you eat your own cooking?
>>
>> I am writing this response from a computer, which had about 3 types of
>> viri removed from it in the last 7 years.
>> Never had to re-install XP.
>> Never needed the disk image copies I have on a backup disk.
>> So yes, I am feeling fine about using this computer.
>
> How many executable files pristine Windows XP contains - well quite a many.
>
> Then you have installed other software for it.
>
> That means millions of places a virus and a trojan can hide itself. They
> can even install them self so that traditional anti-virus programs does
> not see them.
>
> Security experts (which I am not) have a very clear message. If machine
> is infected - reinstall. It is a fact that infected machine can not ever
> trusted.
>
There limits to the locations malware can be installed and that is diminished if it is
under a LUA.
Also, it is NOT a fact that an "...infected machine can not ever be trusted."
It depends on the malware, aits family and associations. For example a FakeAlert trojan
used in a con game can be a simple trojan not associated with a rootkit and could be a
singular DLL or EXE file.
JEDIDIAH
> Kari Laine wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> NotDashEscaped: You need GnuPG to verify this message
>>
>> On 08/19/2011 05:01 AM, Sjouke Burry wrote:
>>> RayLopez99 wrote:
>> Security experts (which I am not) have a very clear message. If machine
>> is infected - reinstall. It is a fact that infected machine can not ever
>> trusted.
>
> It depends upon what was there. It is overkill to flatten and rebuild
> over discovering some lame trojan.
If it is "overkill" than the OS is not very maintainable.
The process of flattening and rebuilding should not be terribly bothersome.
...and yes such severity is warranted. Anything less is gross negligence.
--
These Mac Fanboys want vi imposed on everyone. |||
/ | \
FromTheRafters
with the third.
JeffM
>>It is overkill to flatten and rebuild over discovering some lame trojan.
>>
>If it is "overkill" [then] the OS is not very maintainable.
>The process of flattening and rebuilding should not be terribly bothersome.
>
You think everything should be *easy*. 8-)
>...and yes such severity is warranted. Anything less is gross negligence.
>
If you have ONE infection on your Windoze box,
you likely have MORE.
If you can't be bothered to scrape it clean and start over,
don't EVER connect that thing back to a network;
I'm tired of seeing the backscatter from your pwned spambot box.
Hadron
> On 08/19/2011 05:01 AM, Sjouke Burry wrote:
>> RayLopez99 wrote:
>>> Just what the title says. Do you really feel good using a PC you have
>>> disinfected? Don't you feel better with a known PC that never had a
>>> virus? Do you eat your own cooking?
>>
>> I am writing this response from a computer, which had about 3 types of
>> viri removed from it in the last 7 years.
>> Never had to re-install XP.
>> Never needed the disk image copies I have on a backup disk.
>> So yes, I am feeling fine about using this computer.
>
> How many executable files pristine Windows XP contains - well quite a many.
>
> Then you have installed other software for it.
>
> That means millions of places a virus and a trojan can hide itself. They
> can even install them self so that traditional anti-virus programs does
> not see them.
Lol! You never cease to amaze!
Hadron
Folks, there are a few COLA "advocates" here. Dont let their total
ignorance bring you down.
Peter Köhlmann
Except that he is right. And you are a pompous stupid twit
How is your imaginary "Debian install" doing?
RayLopez99
wrote:
> From: "Sjouke Burry" <burryNULNULF...@PPLLAANNEETT.NNLL>
>
> > RayLopez99 wrote:
> >> Just what the title says. Do you really feel good using a PC you have
> >> disinfected? Don't you feel better with a known PC that never had a
> >> virus? Do you eat your own cooking?
>
> > I am writing this response from a computer, which had about 3 types of
> > viri removed from it in the last 7 years.
> > Never had to re-install XP.
> > Never needed the disk image copies I have on a backup disk.
> > So yes, I am feeling fine about using this computer.
>
> No you didn't - there is no such thing in relation to computer malware.
>
>
> --
> Dave
> Multi-AV Scanning Tool -http://multi-av.thespykiller.co.ukhttp://www.pctipp.ch/downloads/dl/35905.asp
Dave--sorry for the previous insults directed to you by me, please
ignore them buddy; forgive and forget.
So Dave tell me: when you surf the web via Linux using say VMWare,
and you don't password protect your 'root' (Sudo I think they call
it), nor run a firewall (except the hardware firewall you have), nor
run any anti-virus program in Linux, is it possible for evil hackers
to compromise your Windows 7 PC via the Linux VMWare portion?
Thanks in advance, your online friend,
Ray
RayLopez99
THanks PeteCresswell. That seems to be, as I research this issue, the
consensus: removing the virus is often as much work (or just about)
as a restore. But sometimes not--hence I ask whether you would trust
the AV software to remove a trojan using a 'one click' fast fix--it's
a bit suspicious to me that a virus could be removed so quick by a
program, hence I took the restore (or rather, even harder, clean metal
re-installation) route.
RL
Mark F
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> NotDashEscaped: You need GnuPG to verify this message
>
> On 08/19/2011 05:01 AM, Sjouke Burry wrote:
> > RayLopez99 wrote:
> >> Just what the title says. Do you really feel good using a PC you have
> >> disinfected? Don't you feel better with a known PC that never had a
> >> virus? Do you eat your own cooking?
> >
> > I am writing this response from a computer, which had about 3 types of
> > viri removed from it in the last 7 years.
> > Never had to re-install XP.
> > Never needed the disk image copies I have on a backup disk.
> > So yes, I am feeling fine about using this computer.
>
> How many executable files pristine Windows XP contains - well quite a many.
>
> Then you have installed other software for it.
>
> That means millions of places a virus and a trojan can hide itself. They
> can even install them self so that traditional anti-virus programs does
> not see them.
>
> Security experts (which I am not) have a very clear message. If machine
> is infected - reinstall.
> It is a fact that infected machine can not ever trusted.
All you say is correct. However, just to make it clear:
. The operating system doesn't matter
. ALL of the disks connected to the machine after the malware appeared
is suspect, so needs to be restored from safe backups
. Any machines or disks reachable from the infected machine are
suspect. You should determine if the antimalware software on the
remote machines would have protected them and their disks from the
malware. Continue until closure.
. Make sure no BIOS malware is present before connecting you backups
. Best to put backup disks in enclosures that only allow readonly
access
Kari Laine
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
Let's see. First someone have to crack the Linux via getting user to
install some software as root, which installs back door - not likely.
For automatic infestation of Windows 7 that VMware Linux virtual machine
should contain some Linux trojan which would be able to us for example
shared folders or samba to compromise Windows 7 host - yet again unlikely.
So practically no way.
>
> Thanks in advance, your online friend,
>
> Ray
--
Kari Laine
PICs, Displays,Relays - USB-SPI-I2C http://www.byvac.com
USB and FPGA boards http://www.ztex.de
I am just a happy customer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOT6I/AAoJEPjW/Kjfref2xOMH/iWG6fMXCDHyvoaizTTD3ggi
guLXYK/td6CfC8G+liIt15A0qpC+ShqdKOPvhiUKGjPP3nZiLli9H+xxQkJGMuqT
K5soRpEcwRhasxlXHqpu5bU+ZvfB593d5AY25OrkNSbCiAJ6UHhcpmJ77sWmlaL0
DHGlEAXczAetWgUBsMNHyVFUpILrm/sh2piaaLKsDqlsVw4C6nV/iOBu0wtlm2aB
PMNp0cLnUy4l/cM7Dkb+FQiLK+m5DTxxT6Jz7WEp09WpkmV1ZfFtZbHlEI56mQ4D
37OGK50tTSDNzI0BMD3GUSEyfTuylLM2SXGn8+HBb0AYz9L3MrbWr3+YADzKp0s=
=lGXb
-----END PGP SIGNATURE-----
RayLopez99
> . Make sure no BIOS malware is present before connecting you backups
> . Best to put backup disks in enclosures that only allow readonly
> access
BIOS malware? There's malware that infects the BIOS? What would that
do, aside from annoying the user and perhaps having them go in and
override the BIOS settings?
Reading your post I take it you are tongue-in-cheek.
RL
RayLopez99
> > So Dave tell me: when you surf the web via Linux using say VMWare,
> > and you don't password protect your 'root' (Sudo I think they call
> > it), nor run a firewall (except the hardware firewall you have), nor
> > run any anti-virus program in Linux, is it possible for evil hackers
> > to compromise your Windows 7 PC via the Linux VMWare portion?
>
> Let's see. First someone have to crack the Linux via getting user to
> install some software as root, which installs back door - not likely.
> For automatic infestation of Windows 7 that VMware Linux virtual machine
> should contain some Linux trojan which would be able to us for example
> shared folders or samba to compromise Windows 7 host - yet again unlikely.
>
> So practically no way.
>
First scenario fairly easy I would think...
Second scenario I agree "not likely" because Windows 7 host is on
guard for those tricks (I hope). But I can see, given time, perhaps
somebody coming up with a way for Linux to infect Windows when the
latter is hosting the former in a virtual machine.
Now *THERE'S* payback: Linux infecting Windows! LOL
RL
JEDIDIAH
Morons like you are why Windows is such a historic cluster fuck from
top to bottom. It start at Microsoft Corp with engineers with their heads
firmly implanted in their asses all the way down to individual Lemmings
that try to encourage everyone to drink the cool-aid.
No wonder it's such a mess.
You idiots will be the end of consumer general purpose computing as
people wrongfully associate your nonsense with general purpose systems
in general.
--
It's great to run an OS where you have to search Google |||
to find problems rather than experiencing them yourself. / | \
Dustin
news:2ed20ed7-cd18-4a06...@br5g2000vbb.googlegroups.com:
> Wow man, how do you do something like that? I've hash'd a single
> file using some freeware tool but to hash every file in a HD must
> require some proprietary software I would imagine. I think
> Microsoft should do that for all system files: have a dictionary of
> known good hashes and compare any changes to that dictionary,and at
> least warn the user if these critical system file hashes change.
I wrote a small app to do it... shrug.. it's a geeky thing. Sadly,
after writing my own, I found one already existed! LOL. by pure luck
tho, they're compatable. IE: my results file is readable by theirs and
vice versa.
> Yes Kaspersky recognized it as Trojan-Downloader.Win32.Agent. This
> Kaspersky was on a Linux DVD and run at boot time. Caught and
> removed the virus, no more sudden reboots after that, but being
> paranoid I went ahead and did a complete flatten and rebuild of my
> system (and still doing it as we speak--I took a break just now to
> post here).
That's a generic definition for a trojan. Not strickly viral. :)
> Did you kill somebody? Or just .killfile them? At least you're past
> your unsanitary hand problem. ;-)
It's Sully Erna's song from his single album Avalon; Sinner's prayer.
The lead singer of Godsmack.