Security Basics mailing list archives
Re: Bad Antivirus
From: Michael Peppard <mpeppard () impole com>
Date: Wed, 30 Jan 2013 10:50:26 -0500
To be honest I usually run (or tell someone to) the antivirus on an infected machine through a remote connection such as ssh2, or as Windows network administrator. That takes care of several issues. Antiviruses are great warning systems, but limited, they run locally for instance.
However, if executables are changed or I have a suspicion that the machine is rooted, based on the type of infection or behaviour... I backup and scrub the computer then reinstall from scratch, preferably with an image.
Playing with viruses and rootkits is fun, but it's playing, not getting the mail delivered or clients served.
-Mike On 01/29/2013 10:30 AM, sec.melis () gmail com wrote:
Dear folks, I have 3 W2K3 servers, each are running same software binary exe files. One month ago, they infected with some rootkits and viruses which later on I know from antivirus detection this malware called sality, ipz, etc. After installing a new antivirus and revealed the malware, some of my software seems not running as expected. At the moment, I suspect that the malware still there because the AV may not capable to clean them all. I tried using 3 or 4 most popular AV, but all were claimed the servers are clean while my software couldn't run smoothly. In fact, some of exe files has been changed in size while I am not sure whether this changed made by viruses or 'bad' AV I just installed. If I try to proof that my exe files has been changed by this 'bad' AV, does anyone know how to proof this things ? By reversing this exe files, is it possible to get which part of the files has changed ? Thank's Ibha ID Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung Teruuusss...!
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Bad Antivirus sec milis (Jan 29)
- RE: Bad Antivirus Dan Lynch (Jan 31)
- <Possible follow-ups>
- Bad Antivirus sec . melis (Jan 29)
- Re: Bad Antivirus iamherevivek (Jan 29)
- Re: Bad Antivirus Melissa Augustine (Jan 30)
- Re: Bad Antivirus Adam Pal (Jan 30)
- Re: Bad Antivirus Andre Silaghi (Jan 30)
- Re: Bad Antivirus Michael Peppard (Jan 31)
- Re: Bad Antivirus iamherevivek (Jan 29)