On Tue, Oct 28, 2014 at 7:18 AM, Edward Ned Harvey (blu) <[email protected]> wrote:
> - and you clean the virus, apply updates and close the hole -
> Viruses always install additional hooks or backdoors in order to get
> themselves back in after cleaning.
> The only effective defense is to completely nuke the affected systems after
> infection (reinstall the OS).
This is correct on Linux/BSD where the hiding places are asymptotic to the size of the filesystem. This was quite true in the old days for Windows too. These days, MS provides a central Registry for applications (and incidentally viruses) to consolidate ALL their hooks in a single-point-of-fail. Mixed blessing that.

But the Windows Trojan authors are as lazy as App authors, so they generally innovate only in how they hide their hooks in Registry to prevent manual disinfection and delay automated disinfection by a few days, rather than think up new hidden hook technology. This Trojan is written in VB6. Not gonna be very innovative.

MS's free security scanner/repair tools are quite good at finding bad Registry entries and expunging them without breaking other apps. (They're the only MS Apps I recommend.) (Might want to back up the Registry first in case it decides the Lab controller needs expunging, but ...)

Manual cleaning won't work. Automated cleaning with 2+ brands of AV including the free MS tools doesn't ALWAYS work, but it usually does, and is worth a try if wipe-and-rebuild is awkward or worse.

-- 
Bill Ricker
[email protected]
https://www.linkedin.com/in/n1vux
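The reply above recommends backing up the Registry before letting an automated cleaner expunge entries, and notes that Windows malware consolidates its hooks in the Registry. The script below is an added example, not part of the thread and not one of the MS tools mentioned: it exports the common autostart keys (the `Run`/`RunOnce` keys under HKLM and HKCU) to restorable `.reg` files, then lists each entry with a file-existence and Authenticode check so a responder has something to review alongside the scanner output. The key list is limited to those well-known locations, which is exactly the sort of place a Trojan author may avoid, so this is a triage aid, not a cleaning tool. `$BackupDir` and the elevated session are assumptions.

```powershell
# Added example (not from the thread): back up the common Windows autostart
# Registry keys to .reg files, then list their entries for manual review.
# Assumes an elevated PowerShell session; $BackupDir is an assumed location.
$BackupDir = Join-Path $env:TEMP ("autorun-backup-" + (Get-Date -Format "yyyyMMdd-HHmmss"))
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Well-known autostart keys only; HKCU entries are per-user, so run as the
# affected user (or load their hive) to see theirs.
$Keys = @(
  "HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
  "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
  "HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
  "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
)

foreach ($Key in $Keys) {
    $File = Join-Path $BackupDir (($Key -replace '[\\:]', '_') + ".reg")
    # reg.exe export writes a file that reg.exe import can restore; /y skips the overwrite prompt.
    reg.exe export $Key $File /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not export $Key (key missing or access denied)"
        continue
    }

    # Translate the reg.exe key name into a PowerShell provider path.
    $PSPath = $Key -replace '^HKLM\\', 'HKLM:\' -replace '^HKCU\\', 'HKCU:\'
    $Item = Get-Item -Path $PSPath -ErrorAction SilentlyContinue
    if (-not $Item) { continue }

    foreach ($Name in $Item.GetValueNames()) {
        $Cmd = $Item.GetValue($Name)
        # Pull the executable out of the command line: quoted path, else first token.
        $Exe = if ($Cmd -match '^"([^"]+)"') { $Matches[1] } else { ($Cmd -split ' ')[0] }
        $Exe = [Environment]::ExpandEnvironmentVariables($Exe)
        # A dangling entry (file gone) or an unsigned binary is worth a second look,
        # not proof of anything by itself.
        $Status = if (-not (Test-Path -LiteralPath $Exe)) { "MISSING-FILE" }
                  else { (Get-AuthenticodeSignature -LiteralPath $Exe).Status }
        [PSCustomObject]@{ Key = $Key; Name = $Name; Command = $Cmd; Signature = $Status }
    }
}

Write-Host "Backups written to $BackupDir; restore a key with: reg.exe import <file.reg>"
```

Run it before the automated scanners so the `.reg` files reflect the pre-cleaning state; if a cleaner removes something a legitimate app (the lab controller in the reply) needed, `reg.exe import` of the matching file puts that key back. The signature column is only a hint: a `NotSigned` result on an entry that points into a user-writable directory is the kind of thing to hand to the AV vendors, not to delete by hand, since the reply's point is that manual cleaning of these hooks does not work.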