And now for something different

Discussion in 'other anti-malware software' started by Gargoyle, Aug 24, 2007.

Thread Status:
Not open for further replies.
  1. Gargoyle

    Gargoyle Registered Member

    Jun 2, 2007
    There are so many topics on here posting about security setup and the lowdown on the latest security applications and users seeking advice on what to use on their computers. However, there is a distinct lack of discussion on what is to be done when we find out there's a problem. There are no topics about treating a problem when, let's say for example, a HIPS program finds a rogue process. We don't wonder about its origin (rootkit, trojan, etc.) and we certainly don't discuss what the best way to remove the malware is. Yet most of us here are using sophisticated anti-malware software.
  2. Franklin

    Franklin Registered Member

    May 12, 2005
    West Aussie
  3. Kerodo

    Kerodo Registered Member

    Oct 5, 2004
    If and when I ever actually encounter a real malware problem on this machine, I do one of two things:

    A) Restore from a good image.
    B) Reformat

    So for me, no discussion is necessary, nor is any software to attempt to clean up or otherwise fix the problem. Simple and no doubts...
  4. the Tester

    the Tester Registered Member

    Jul 28, 2002
    The Gateway to the Blue Hills,WI.
    True, you don't read much about infections here.
    There are a few forums that excel at HiJackThis logs and removal of malware.
    Castle Cops security forum has an unknown file category and Malware Incident Reporting and Termination.
  5. lucas1985

    lucas1985 Retired Moderator

    Nov 9, 2006
    France, May 1968
    Kill that process, upload the corresponding file to a multi-engine online scanning service (Jotti/VirusTotal) and save it (encrypted) for further analysis. Then, use your reboot-to-restore solution or nuke the HDD and restore a clean image.
    Be prepared for a possible data leak/theft.
    Last edited: Aug 24, 2007
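The preservation step in the post above (hash the file, keep a copy that cannot be run by accident, record where it came from) as an added Python example that is not from the thread or any of its posters. The quarantine directory, file names and the harmless sample bytes in `demo()` are constructed for illustration; base64 storage here only prevents accidental execution and is not the encryption the post asks for, which is left to a password-protected archive or GPG.

```python
import base64
import hashlib
import json
import tempfile
import time
from pathlib import Path


def hash_bytes(data: bytes) -> dict:
    """Digests a multi-engine scanner lookup or an analyst will want."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def preserve_sample(sample_path: str, quarantine_dir: str, note: str = "") -> dict:
    """Copy a suspicious file into quarantine_dir in a non-executable form and
    write a JSON record (hashes, size, original path, timestamps) beside it.

    Returns the metadata dict that was written.
    """
    src = Path(sample_path)
    data = src.read_bytes()
    digests = hash_bytes(data)
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)

    # Body is stored base64-encoded under its SHA-256 with a made-up extension,
    # so no file association will launch it. This is obfuscation, not encryption.
    body_path = qdir / f"{digests['sha256']}.sample.b64"
    body_path.write_bytes(base64.b64encode(data))

    st = src.stat()
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    meta = {
        **digests,
        "original_path": str(src.resolve()),
        "size": st.st_size,
        "mtime": time.strftime(fmt, time.gmtime(st.st_mtime)),
        "preserved_at": time.strftime(fmt, time.gmtime()),
        "note": note,
    }
    (qdir / f"{digests['sha256']}.json").write_text(json.dumps(meta, indent=2))
    return meta


def restore_sample(quarantine_dir: str, sha256: str) -> bytes:
    """Decode a preserved sample and verify it still matches its recorded hash."""
    body_path = Path(quarantine_dir) / f"{sha256}.sample.b64"
    data = base64.b64decode(body_path.read_bytes())
    if hashlib.sha256(data).hexdigest() != sha256:
        raise ValueError("quarantined sample does not match its recorded hash")
    return data


def demo() -> dict:
    """Round-trip a constructed, harmless 'sample' through quarantine."""
    sample = b"constructed harmless sample, not malware\n"  # constructed input
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "suspicious.exe"  # constructed name
        src.write_bytes(sample)
        meta = preserve_sample(str(src), str(Path(tmp) / "quarantine"), note="flagged by HIPS")
        restored = restore_sample(str(Path(tmp) / "quarantine"), meta["sha256"])
    return {
        "sha256": meta["sha256"],
        "expected_sha256": hashlib.sha256(sample).hexdigest(),
        "size": meta["size"],
        "roundtrip_ok": restored == sample,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Look the SHA-256 up on the scanning service before uploading: if the hash is already known, the verdict is available without sending the file anywhere, and the JSON record is what you hand to whoever does the later analysis.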
  6. farmerlee

    farmerlee Registered Member

    Jul 1, 2006
    Yep, same here. If I encounter anything resembling real malware, it's image restore time.
  7. screamer

    screamer Registered Member

    Apr 14, 2006
    Big Apple USA
    Since Wilders doesn't permit posting HJT logs, you won't find much discussion on Mal / Viri / Spyware removal.

    Me thinks that anyone who has spent any length of time on these forums has picked up on recovery solutions. If I get infected I'll just boot to another SnapShot & copy / update or delete the infected one.

    I for one feel bullet proof w/ my security set-up. If it does fail... FD-ISR to the rescue.

  8. Peter2150

    Peter2150 Global Moderator

    Sep 20, 2003
    Likewise. Before doing anything approaching risky, I update my FDISR snapshot, might even take a new image, and then if really risky, I go into a vm machine.

    It's almost funny since right now, I am testing and in shadowmode of ShadowDefend and also sandboxed with sandboxie.

  9. LUSHER

    LUSHER Registered Member

    Feb 28, 2007
    Traditionally there is some discussion in here, though it tends to be some famous malware hunter warning the whole world about some dangerous world ending threat he found or some over paranoid kid posting all kinds of strange screenshots from anti-rootkit tools telling everyone that he has a super duper stealthy rootkit. :D

    I would like to think that there is little discussion because

    A) As a forum Wilders is focused toward security software use. Little things like "wondering about the origin of" infections is not quite as interesting.

    B) People here have so many layers (on top of generally being a bit more knowledgeable than average), very little gets through. In fact, I would say most posters here who find something on their scanners are usually having FPs...
  10. EASTER

    EASTER Registered Member

    Jul 28, 2007
    U.S.A. (South)
    Likewise, borrowing a similar method practiced by Peter2150.

    I employ a perfectly fail-proof method myself from any forced/stealth intrusion which would be designed to "stick" to disk by using an FD-ISR snapshot covered with Power Shadow Master plus shielding with HIPS as in either EQSecure 3.4 OR SSM (Full), and yet further guarded with Sandboxie 3, along of course with strong firewall protection.

    Even should some PC Stealth Long/Short Range Cruise Missile manage to penetrate through these layers, which IS NOT going to happen anyway unless I do it to myself :D there's still in reserve .arx FD-ISR Archives to rebuild from and as a final stage of COMPLETE RESTORATION, a couple of full system/partition duplicate images. Also I CLONE an entire "clean" "offline" drive and store that in a controlled temperature compartment.

    Building blocks for a perfect Defense & Preservation Strategy.

    So far, HIPS + PS + FD-ISR have everything under tight control from invaders of any sort.

    RELAXED & FREE :cool:
  11. Kees1958

    Kees1958 Registered Member

    Jul 8, 2006
    So that should make you a virtual shadow? ;)

    I do not even care anymore. Even when I'm on our weakest secured PC (A2 IDS + WinPooch + DefenseWall), I make an image backup (takes 2 minutes with Maxblast) and perform a smart data backup to our external hard drive (which takes less than a minute). Start fiddling with apps, and roll back before shutdown.