At 01:16 PM 16/02/2006, warpmedia wrote:
That's where MS Security Configuration & Analysis snap-in combined
with security templates are your friend.
Christopher Fisk wrote:
We had a machine recently come in where filesystem permissions were
all screwed up after removing a virus and cleaning
That's where MS Security Configuration & Analysis snap-in combined with
security templates are your friend.
Christopher Fisk wrote:
We had a machine recently come in where filesystem permissions were all
screwed up after removing a virus and cleaning off some spyware. We
could certainly h
On Thu, 16 Feb 2006, Thane Sherrington (S) wrote:
How do you know that things are going well on the removals? If, as has been
argued here, it is impossible to find all the malware on a machine, then it
seems to me one could never be sure that removals are working. Is there a
specific system you
At 04:24 PM 15/02/2006, Christopher Fisk wrote:
We have a standard diagnostic timeframe, where we'll look at a
machine and make a judgement call on which is the better method,
generally that diagnostic time includes things like a quick virus
scan, spyware checkers, verifying caps on the board,
On Wed, 15 Feb 2006, Hayes Elkins wrote:
I've read them all. Where do you argue on the side of cleaning a computer vs
formatting? When a company with over 100 desktops and a server farm experiences
a virus outbreak with a pending virus definition update coming out the next
day - what do you sug
On Wed, 15 Feb 2006, Thane Sherrington (S) wrote:
Sorry, I meant, if you get in a machine that needs Windows re-installed (how
do you know it has viruses, btw, or do you reinstall for all machines?) how
long and how much does it cost to have Windows reinstalled, updated, software
installed (as
At 01:01 PM 15/02/2006, Christopher Fisk wrote:
On Wed, 15 Feb 2006, Thane Sherrington (S) wrote:
At 10:49 AM 15/02/2006, Christopher Fisk wrote:
Personally I just do the safe method on backups, I have an easy
way of making ghost backups, so I just ghost the drive to a spare
I have on the be
From: Christopher Fisk <[EMAIL PROTECTED]>
Reply-To: The Hardware List
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with badvirus
infestation
Date: Wed, 15 Feb 2006 12:04:10 -0500 (EST)
On Wed, 15 Feb 2006, Hayes Elkins wrote:
How many companies
On Wed, 15 Feb 2006, Hayes Elkins wrote:
How many companies do you work for that are ok with an extra day of
downtime?
What do you suggest? Format everything?
You haven't been reading my posts. I will refer you to my posts on this
topic, which directly answer that question already.
Symant
On Wed, 15 Feb 2006, Thane Sherrington (S) wrote:
At 10:49 AM 15/02/2006, Christopher Fisk wrote:
Personally I just do the safe method on backups, I have an easy way of
making ghost backups, so I just ghost the drive to a spare I have on the
bench for the process, then I can be sure I won't m
On Wed, 15 Feb 2006, Thane Sherrington (S) wrote:
At 10:49 AM 15/02/2006, Christopher Fisk wrote:
$200 is 2.5 hours of work. How long does it take to clean the machine,
verify the data, install all the windows updates, update the drivers, check
capacitors, run memtest and other repair tools,
From: Christopher Fisk <[EMAIL PROTECTED]>
Reply-To: The Hardware List
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with badvirus
infestation
Date: Wed, 15 Feb 2006 09:10:31 -0500 (EST)
On Tue, 14 Feb 2006, Hayes Elkins wrote:
Just like viri - wait
At 10:49 AM 15/02/2006, Christopher Fisk wrote:
Personally I just do the safe method on backups, I have an easy way
of making ghost backups, so I just ghost the drive to a spare I have
on the bench for the process, then I can be sure I won't miss any
data, because I'm not losing any data. And
At 10:49 AM 15/02/2006, Christopher Fisk wrote:
$200 is 2.5 hours of work. How long does it take to clean the
machine, verify the data, install all the windows updates, update
the drivers, check capacitors, run memtest and other repair tools, etc?
You get $80/hour US? Can I move to your town
On Wed, 15 Feb 2006, Wayne Johnson wrote:
Unfortunately there are too many shops out there that start with the
restore disk for the simplest little problem.
Which is not what I'm advocating.
FWIW I understand there are nasties out there that can go undetected but
nothing can change the fact
At 09:09 AM 2/15/2006, Christopher Fisk typed:
Yes, we try to clean the machines as much as possible, but the
insane assumption that cleaning the machine is always better than
starting fresh with the OS, is just that, insane.
Unfortunately there are too many shops out there that start with th
On Tue, 14 Feb 2006, Hayes Elkins wrote:
Just like viri - wait a day.
How many companies do you work for that are ok with an extra day of
downtime?
Christopher Fisk
--
WEDGIES ARE UNHEALTHY FOR CHILDREN AND OTHER LIVING THINGS
WEDGIES ARE UNHEALTHY FOR CHILDREN AND OTHER LIVING THINGS
On Wed, 15 Feb 2006, FORC5 wrote:
I had 4 systems this week badly infected ( record week ) 3 I spent too
much time on cleaning, one I just ran the restore disk, was the easiest
one.
See, it's not ease which is the determining factor for me, it's the "Can
the customer go out and buy a better
On Wed, 15 Feb 2006, Thane Sherrington (S) wrote:
From the SysInternals page:
Can a Rootkit hide from RootkitRevealer?
It is theoretically possible for a rootkit to hide from RootkitRevealer. Doing
so would require intercepting RootkitRevealer's reads of Registry hive data or
file system data
I had 4 systems this week badly infected ( record week ) 3 I spent too much
time on cleaning, one I just ran the restore disk, was the easiest one.
fp
At 06:57 AM 2/15/2006, Christopher Fisk Poked the stick with:
>If you have a customer with no virus detection tools installed at all, they
>come
On Tue, 14 Feb 2006, Hayes Elkins wrote:
I'm not saying it's not a good tool, I'm saying (And they admit) that it's
certainly not 100%.
Neither is there an antivirus tool that detects 100% of viruses. So next time
you suspect a variant of STONED, better be safe than sorry and format.
This i
- Original Message -
From: "Wayne Johnson" <[EMAIL PROTECTED]>
To: "The Hardware List"
Sent: Tuesday, February 14, 2006 10:18 PM
Subject: RE: [H] Suggested tools for helping a friend with badvirus
infestation
I haven't been stoned in forever &
Virustotal is a pretty standard tool used by researchers; it has consistent
results with other methods we use
-Original Message-
From: "Anthony Q. Martin"<[EMAIL PROTECTED]>
Sent: 2/13/06 6:09:13 AM
To: "'The Hardware List'"
Subject: RE: [H] Sugge
List"
Subject: RE: [H] Suggested tools for helping a friend with badvirus
infestation
At 10:03 AM 13/02/2006, Mesdaq, Ali wrote:
>It's not a company I work for, it's a tool we use. You can upload a
>file and check it against all av pretty sad coverage because no av
>ever gets it all
At 04:53 PM 14/02/2006, Christopher Fisk wrote:
On Tue, 14 Feb 2006, Thane Sherrington (S) wrote:
What about the ones not published?
Well, according to Sysinternals, it would take technology not yet
seen in a rootkit to get around Rootkit Revealer. It would have to
be specifically written to
At 10:09 PM 2/14/2006, Hayes Elkins typed:
Neither is there an antivirus tool that detects 100% of viruses. So
next time you suspect a variant of STONED, better be safe than sorry
and format.
I haven't been stoned in forever & neither has any computer that I've
worked on altho I vaguely remem
From: Christopher Fisk <[EMAIL PROTECTED]>
Reply-To: The Hardware List
To: The Hardware List
Subject: RE: [H] Suggested tools for helping a friend with badvirus
infestation
Date: Tue, 14 Feb 2006 15:53:05 -0500 (EST)
On Tue, 14 Feb 2006, Thane Sherrington (S) wrote:
What about th
Just like viri - wait a day.
Christ, you act like rootkits are unbreakable.
http://www.sysinternals.com/Utilities/RootkitRevealer.html
"RootkitRevealer successfully detects all persistent rootkits published at
www.rootkit.com, including AFX, Vanquish and HackerDefender"
What about the one
On Tue, 14 Feb 2006, Thane Sherrington (S) wrote:
What about the ones not published?
Well, according to Sysinternals, it would take technology not yet seen in a
rootkit to get around Rootkit Revealer. It would have to be specifically
written to intercept RR calls to directly look at the regis
At 01:56 PM 14/02/2006, Christopher Fisk wrote:
On Sat, 11 Feb 2006, Hayes Elkins wrote:
Christ, you act like rootkits are unbreakable.
http://www.sysinternals.com/Utilities/RootkitRevealer.html
"RootkitRevealer successfully detects all persistent rootkits
published at www.rootkit.com, incl
On Sat, 11 Feb 2006, Hayes Elkins wrote:
Christ, you act like rootkits are unbreakable.
http://www.sysinternals.com/Utilities/RootkitRevealer.html
"RootkitRevealer successfully detects all persistent rootkits published at
www.rootkit.com, including AFX, Vanquish and HackerDefender"
What ab
ony Q. Martin" <[EMAIL PROTECTED]>
Reply-To: The Hardware List
To: "'The Hardware List'"
Subject: RE: [H] Suggested tools for helping a friend with
badvirus infestation
Date: Mon, 13 Feb 2006 09:08:53 -0500
:
:It's not a company I work for, it's a tool we use. You can up
At 10:03 AM 13/02/2006, Mesdaq, Ali wrote:
It's not a company I work for, it's a tool we use. You can upload a
file and check it against all av pretty sad coverage because no av
ever gets it all or even close
How do you know that? According to their charts, it appears that if
they scan with all
:
:It's not a company I work for, it's a tool we use. You can upload a file and
check it against all av
:pretty sad coverage because no av ever gets it all or even close
Then how can you believe the results? Some can be reporting false
positives, etc.
ardware List"
Subject: RE: [H] Suggested tools for helping a friend with badvirus
infestation
At 10:02 PM 10/02/2006, Mesdaq, Ali wrote:
>unknown malware you would be astonished. And don't think I am just
>checking malware against one or two AV companies. Go to
>www.v
, and also
some end user education .
-Original Message-
From: "Thane Sherrington (S)"<[EMAIL PROTECTED]>
Sent: 2/13/06 3:52:26 AM
To: "The Hardware List"
Subject: RE: [H] Suggested tools for helping a friend with badvirus
infestation
At 10:02 PM 10/02/2006
List
:Subject: RE: [H] Suggested tools for helping a friend with badvirus
infestation
:
:At 10:02 PM 10/02/2006, Mesdaq, Ali wrote:
:>unknown malware you would be astonished. And don't think I am just
:>checking malware against one or two AV companies. Go to
:>www.virustotal.com a
At 06:37 PM 11/02/2006, warpmedia wrote:
Anyone checked this out yet?
http://www.f-secure.com/blacklight/
Yes, I've been using it for about two months. Easier to use than
Rootkit Revealer, but I'm not sure if it's as thorough.
T
At 10:02 PM 10/02/2006, Mesdaq, Ali wrote:
unknown malware you would be astonished. And don't think I am just
checking malware against one or two AV companies. Go to
www.virustotal.com and see all the vendors. I collect malware that is
not recognized by any of all those vendors and I have to reve
At 10:02 PM 10/02/2006, Mesdaq, Ali wrote:
That whole nothing can stop me attitude I don't buy it and I don't
respect it in this context. If the issue is a system crash or a bug in
configuration that's where the never quite attitude is good. But in a
case where you could possibly not clean out a
At 10:02 PM 10/02/2006, Mesdaq, Ali wrote:
I can guarantee that an infected system is unclean-able by you! Not to
question your intelligence but I think you question the malware authors
intelligence. I have set up honeypots as a matter of fact I operate
several for my company and within 1 minute a
is that there will never be a universal rootkit scanner"
From: [EMAIL PROTECTED] on behalf of Hayes Elkins
Sent: Sat 2/11/2006 10:53 AM
To: hardware@hardwaregroup.com
Subject: RE: [H] Suggested tools for helping a friend with badvirus infestation
C
Anyone checked this out yet?
http://www.f-secure.com/blacklight/
Hayes Elkins wrote:
Christ, you act like rootkits are unbreakable.
http://www.sysinternals.com/Utilities/RootkitRevealer.html
"RootkitRevealer successfully detects all persistent rootkits published
at www.rootkit.com, includ
IL PROTECTED]>
Reply-To: The Hardware List
To: "The Hardware List"
Subject: RE: [H] Suggested tools for helping a friend with
badvirus infestation
Date: Fri, 10 Feb 2006 18:02:06 -0800
I can guarantee that an infected system is unclean-able by you! Not to
question your intelligence
ojan on a system the payoff is not very much when
the alternative is a reformat and 100% safe system.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Thane
Sherrington (S)
Sent: Friday, February 10, 2006 12:46 PM
To: The Hardware List
Subject: Re: [H] Suggested
- Original Message -
From: "Thane Sherrington (S)" <[EMAIL PROTECTED]>
To: "The Hardware List"
Sent: Friday, February 10, 2006 3:49 PM
Subject: Re: [H] Suggested tools for helping a friend with badvirus
infestation
which route you take. I just hate th