[plug] Anti Virus LiveCD

Chris Caston caston at arach.net.au
Wed Jun 22 11:45:53 WST 2005


On Wed, 2005-06-22 at 11:34, Chris Caston wrote:
> On Wed, 2005-06-22 at 11:17, Craig Ringer wrote:
> > On Wed, 2005-06-22 at 10:50 +0800, Chris Caston wrote:
> > > On Wed, 2005-06-22 at 10:18, Onno Benschop wrote:
> > > > Hi all,
> > > > 
> > > > Going on-site each day and needing to install AVG, AdAware and SpyBot, 
> > > > then update them, then running a full scan for each application takes 
> > > > the better part of two hours for most machines, longer if their machine 
> > > > is completely toast.
> > > > 
> > > 
> > > You can use BartPE, run the McAfee command line scanner and run AdAware,
> > > but it only removes the files and not the registry entries.
> > > 
> > > The problem I find with cleaning up infected machines is trying to work
> > > out if it will in fact fix all the problems or if in fact it's best to do a
> > > clean reinstall.
> > 
> > Even if cleaning it breaks the machine totally (not unheard of),
> It can be the little things like Windows Media Player wants to send a
> cryptic error report to Microsoft, IE is still busted, search is missing
> but you still get the puppy dog. You can try to fix many of these things
> but it can take a long time.
> 
> >  it
> > means that any clean reinstall lets you archive the old data without
> > fear of reinfection.
> 
> 
> If you have a server that gets compromised do you close the backdoor,
> remove any installed programs and keep going?
> 
> Best practice is to take it down and reinstall from scratch.
> 
> An ideal solution to a virus/spyware-ridden Windows machine:
> 
> 1. If they don't know their internet/e-mail passwords use mailpv or
> dunrecover to get them
> 2. Backup Outlook Express (copy the mailbox store folder or use
> ABFoutlookexpress backup) e-mails and contacts or Outlook pst
> 3. Backup device drivers (there are apps like windriverbackup) and/or
> locate motherboard/other hardware CDs
> 4. Backup accounting software
> 5. Install a new HD in the PC of greater capacity than their current one
> 6. Put their existing HD in a USB HD caddy and virus scan it from
> another machine or laptop
> 7. Reinstall Windows with the latest updates using their media and/or
> serial numbers
> 8. Install their software from their original CDs
> 9. Install printers, scanners, webcams etc.
> 10. Install anti virus/antispyware software
> 11. Copy back their data from the ext HD once it is finished virus
> scanning. Usually just take the Documents and Settings folder if they
> are using W2K or above. You do need to look out as they may have an MYOB
> folder or done things like saved a spreadsheet under Program Files.
> Desktop is saved under the Windows folder in 98 and so are things like
> Favourites and Fonts.
> 12. Setup their old HD for backup using ntbackup, Karen's Replicator or
> the Windows port of rsync
> 
> regards,
> 
> Chris Caston
> 
> 

I should also add a few other things like installing Firefox and
Thunderbird. Make sure they are not running as admin. Instruct them to
change all of their passwords, especially e-mail and online banking.