  Woody79_00
join:2004-07-08
reply to trparky Re: Using Process Explorer to remove hard to remove malware
IMO I definitely think Process Explorer is a good tool for anyone to have in their malware fighting toolkit. That being said, don't bother memorizing everything; you're wasting your time, as it is impossible to memorize them all. Sure, know all the essential Windows processes, services, etc.
The best tool I have found in my fight is a good Linux Live CD... especially against the likes of Vundo... the newer variants are not completely impossible to remove from inside of Windows, but even in Safe Mode it is more effort than it is worth.
This is why I use Process Explorer and other tools to "identify" the type of infection and what not. Then I use a Linux Live CD (of your flavor) and boot into it, then I mount that Windows partition and delete the files in question straight from outside of Windows. Once that occurs and I kill the .exe, .dll, and the service, then I boot into Windows and use a combo of Trend Micro's Sysclean package with the latest definitions and Vundo fix and others to "clean up". I do all of this while the machine is "not" connected to the internet. Once this is done, I reset the firewalls, update the security software, and ensure they are all working properly and properly patched and up to date; then it seems all is well.
In the end though, if it's a rootkit, even though I can remove it, there's no way of knowing what has been changed even if I could remove it. In that case, I simply back up important files, nuke the drive and start over...
This is why I'm an advocate of a "known" clean backup... can't stress it enough... this is your number 1 fight against malware. Get Acronis True Image or some other backup tool and create a clean image; that way, if you even have a "hint" you may have some sort of malware, restore the known clean image.
That is the best thing you can do. I just wonder how long it will be before malware authors find a way to stop people like me from using a Linux Live CD to mount the drive and delete their pesky files....
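The offline step described in this post (boot a Linux live CD, mount the Windows partition, remove the files identified with Process Explorer), as an added example that is not the poster's own code: a POSIX shell script that quarantines the files with a SHA-256 manifest instead of deleting them outright, so a misidentified file can be put back and the hash can be handed to an AV vendor. The device name, mount point and file paths are placeholders you substitute for your own.

```shell
#!/bin/sh
# Offline malware cleanup from a Linux live CD. Assumes ntfs-3g and sha256sum
# are on the live CD; /dev/sda2 and /mnt/win below are placeholder values.
set -eu

# mount_windows DEVICE MOUNTPOINT
# Mount the Windows partition read-write with ntfs-3g (check `lsblk` first
# to find the right device). Example: mount_windows /dev/sda2 /mnt/win
mount_windows() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt"
    ntfs-3g "$dev" "$mnt"
}

# quarantine_files MOUNTPOINT QUARANTINE_DIR FILE...
# FILE paths are relative to the Windows partition root, as shown in
# Process Explorer (e.g. Windows/System32/suspect.dll). Each file is hashed
# and recorded in a manifest before it is moved out of the partition, so the
# original location and hash survive for analysis or restoration.
# Prints the number of files actually quarantined.
quarantine_files() {
    mnt="$1"; qdir="$2"; shift 2
    mkdir -p "$qdir"
    manifest="$qdir/manifest.txt"
    moved=0
    for rel in "$@"; do
        src="$mnt/$rel"
        if [ ! -f "$src" ]; then
            # Not an error: the name may have been a false lead.
            printf 'missing: %s\n' "$rel" >> "$manifest"
            continue
        fi
        sum=$(sha256sum "$src" | cut -d' ' -f1)
        # Flatten the path so the quarantine dir stays a single level.
        dest="$qdir/$(printf '%s' "$rel" | tr '/\\' '__')"
        mv -- "$src" "$dest"
        printf '%s %s -> %s\n' "$sum" "$rel" "$dest" >> "$manifest"
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Typical use after identifying the files from inside Windows:
#   mount_windows /dev/sda2 /mnt/win
#   quarantine_files /mnt/win /root/quarantine Windows/System32/suspect.dll
```

Keep the quarantine directory off the infected partition (the live CD's RAM disk or a USB stick) so nothing is written back into the Windows filesystem beyond the removal itself.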