Forums » Up and Running » Security » Security » Using Process Explorer to remove hard to remove malware
Woody79_00 (join: 2004-07-08), reply to trparky
Re: Using Process Explorer to remove hard to remove malware

IMO I definitely think Process Explorer is a good tool for anyone to have in their malware fighting toolkit. That being said, don't bother memorizing everything; you're wasting your time. As it is impossible to memorize them all, sure, know all the essential Windows processes, services, etc.

The best tool I have found in my fight is a good Linux Live CD, especially against the likes of Vundo. The newer variants are not completely impossible to remove from inside of Windows, but even in Safe Mode it is more effort than it is worth.

This is why I use Process Explorer and other tools to "identify" the type of infection and whatnot. Then I use a Linux Live CD (of your flavor) and boot into it, then I mount that Windows partition and delete the files in question straight from outside of Windows. Once that occurs and I kill the .exe, .dll, and the service, then I boot into Windows and use a combo of Trend Micro's sysclean package with the latest definitions and Vundo fix and others to "clean up". I do all of this while the machine is "not" connected to the internet. Once this is done, I reset the firewalls, update the security software, and ensure they are all working properly and properly patched and up to date; then it seems all is well.

In the end though, if it's a rootkit, even though I can remove it, there's no way of knowing what has been changed even if I could remove it. In that case, I simply back up important files, and nuke the drive and start over...

This is why I'm an advocate of a "known" clean backup... can't stress it enough... this is your number 1 fight against malware. Get Acronis True Image or some other backup tool, and create a clean image; that way if you even have a "hint" you may have some sort of malware, restore the known clean image.

That is the best thing you can do. I just wonder how long it will be before malware authors find a way to stop people like me from using a Linux Live CD to mount the drive and delete their pesky files....
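One way to script the "mount the partition and delete the files" step from the post above, as an added example that is not code from the post or from dslreports. It assumes the Windows partition has already been mounted from the live CD (for example with ntfs-3g) at a path you pass in, and that the list of suspect paths came from the Process Explorer triage; instead of deleting outright, it records each file's SHA-256 and moves it into a quarantine directory, so the evidence survives for later analysis and every action is logged.

```shell
#!/bin/sh
# Offline quarantine of suspect files on a Windows partition mounted from a Linux live CD.
# Assumptions (not from the post): $mnt is the mount point of the Windows partition,
# $listfile holds one suspect path per line, relative to that mount point, and
# $qdir is a quarantine directory on the live CD's own writable storage.
# Each file is hashed, copied into quarantine under its hash, then removed from the
# Windows partition. Missing files are logged rather than treated as errors, so a list
# built from a different machine or an already-removed component does not abort the run.
quarantine_files() {
    mnt="$1"; qdir="$2"; listfile="$3"
    mkdir -p "$qdir" || return 1
    log="$qdir/quarantine.log"
    count=0
    while IFS= read -r rel; do
        [ -z "$rel" ] && continue            # skip blank lines in the list
        src="$mnt/$rel"
        if [ ! -f "$src" ]; then
            printf 'MISSING %s\n' "$rel" >> "$log"
            continue
        fi
        hash=$(sha256sum "$src" | cut -d' ' -f1)
        dest="$qdir/$hash-$(basename "$rel")"
        # preserve timestamps on the copy; only remove the original once the copy succeeded
        cp -p "$src" "$dest" && rm -f "$src" || return 1
        printf 'QUARANTINED %s sha256=%s\n' "$rel" "$hash" >> "$log"
        count=$((count + 1))
    done < "$listfile"
    echo "$count"                            # number of files actually quarantined
}
```

The hashes in the log can later be compared against vendor write-ups or the cleaned image, and the quarantine copies allow a file to be restored if it turns out to have been a legitimate component.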
Monday, 08-Sep 12:49:28 | © 1999-2008 dslreports.com.