Security Basics mailing list archives
Re: Question for all
From: Brad Mills <millsmiami () usa net>
Date: Fri, 01 Aug 2003 20:47:20 EDT
Chris,
Well, the best plan would be to wipe your hard drive and start over, but barring that, my next step would be to use SpybotSD, it's pretty good at cleaning out garbage like that. If it works you might consider sending a donation, the developer does all that work for free.
Agreed.

1. Wipe drive with DBAN, then re-ghost from a clean LKG.gho ... seems the better-authored malware does a great job of hiding.

2. I'm not a big Zone Alarm fan, but if anything pops up, it usually has to have permission to connect, thus giving itself away.

3. Build a (GPL) Smoothwall.org stand-alone firewall, monitor its web proxy logs and firewall logs. All ports over 1024 automatically blocked. The built-in Snort is useful, as well. Linux based, even a Win guy can have a 3-NIC system built and online in ~30 minutes.

4. Additionally, have a look at http://www.mlin.net/StartupCPL.shtml
***Startup Control Panel is compatible with all modern versions of Windows, including Windows 95, 98, 98SE, ME, NT 4.0, 2000, and XP.
Allows you to see HKCU, HKLM, Run-Once, etc. Useful to keep other apps from launching, aside from critters ;)

Good Hunting and remember, it's only my .02,

/b