
August 30th, 2009, 10:39 PM
Administrator
Re: Securing Your PC and Data
If you are currently infected:
- Get focused and dedicated assistance at one of the available sites on the Internet or a local shop. Some specific sites/guides that are available online include:
- It is important to appreciate that random efforts to fix a problem can create more issues than they solve. The first maxim should always be do no harm. The second maxim is that you should always be able to undo any action. Casual users may not be equipped to do this (example – having hardware/software to clone any HDD being assessed).
- If you are unsure of how to proceed, that’s a strong signal to get assistance, and that’s best achieved via focused support.
- If, understanding those cautions, you still wish to attempt to tackle the situation yourself, consider the following:
  - Don’t attempt to install new software to the compromised machine. While it often works, spectacular problems can occur as a result of software installations in an inherently unstable environment. Use approaches which do not require installation on an infected machine. These approaches include:
    - Use of a portable software application which runs as a standalone executable. Check for availability among your preferred tools.
    - Use an available online scanner. Many of the major AV vendors provide this facility, including: BitDefender, Kaspersky Lab, Eset, F-Secure, McAfee, Trend Micro, Avast! and so on. For the evaluation of single files, the online multiscanners VirusTotal and Jotti’s malware scan are available.
    - Linux-based bootable live CD. This is actually a fairly powerful approach in that one works from a clean OS. Options include DrWeb CureIt! and rescue CD images which can be created from within security products (one example would be that provided by Kaspersky Lab). If your security software provides for creation of a bootable live CD image that can be updated at run time, create that disc and verify that it functions properly now. Then store it for possible future use.
    - Use of a secondary Windows boot installation. Provide each machine with access to at least two different boot devices – either a second OS installed on a second physical drive, or an external USB/Firewire drive which allows booting to a known clean system. This capability is useful for any circumstance which compromises a hard drive (malware infection, physical failure, corruption of needed OS files, etc.) and allows recovery and/or manual cleaning operations to proceed. Depending on the situation, these installations can be created either by cloning or a direct OS installation to the media.
      - If a second physical hard drive is not an option, go about creating a bootable Windows installation via Bart's Preinstalled Environment (BartPE) bootable live Windows CD/DVD or Ultimate Boot CD.
    - Remove the infected drive from the host machine and attach it as a slave drive to a known clean machine from which diagnosis and remedy can be achieved.
    - Boot to safe mode and work from a reduced functionality environment. Depending on the nature of the problem, this may or may not be productive.
  - Be prepared for any downside scenario. This often means copying valuable documents prior to initiating any work on the infected drive. Be aware that this attempt to safeguard information may serve as a mode of infection to other machines.
  - Try to secure access to a second machine with an Internet connection and hold it in reserve in the event your primary machine loses connectivity. Before the need arises, download a copy of Winsock XP Fix and check out Repair/Reset Winsock settings.
  - If you are unsure of yourself, you need to assess how you will validate that the problem has been fully resolved. This is one reason to employ expert assistance.
- Let's repeat the initial suggestion for emphasis - Get focused and dedicated assistance at one of the available sites on the Internet or a local shop.