Zero Day Malware Cleaning with the Sysinternals Tools

A very good read. Thx Ronjor.

 

Thanks Ron.

 

Just goes to show what can be acheived with a few Good tools

But he does acknowledge that "Cleaning is going to get much harder"

No mention of a dedicated AntiRootkit tool though

 

Very helpful article indeed

 

Similar material is found in "Advanced Malware Cleaning Techniques for the IT Professional" - hxxp://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_Advanced_Malware_Cleaning_Techniques_for_the_IT_Professional_English.pdf

 

Mark Russinovich has posted some terrific articles, and this is yet another. Thank you Ron and also thank you MrBrian for your link

 

thanks

 

And the moral of the story is, backup your hard drive!

 

Right, attempting to "clean" an infected drive is like painting over mould on drywall. It's easier and far more "absolute" to wipe the infected drive and simply restore an earlier image.

 

The problem is most people I know don't even know about imaging; most don't even back up important documents on a USB drive!

 

And most people won't do Imaging and won't backup important documents even when they are advised to do so.

 

You're welcome .

The advice to set Process Monitor's filter to "Category is Write then Include" is a great tip for seeing only changes to a system. Also, one can check "Drop Filtered Events" so that only displayed events are stored.

 

the worst thing about backup is !!!!

there is not enough space

 

Always like what Mark Russinovich has to say. This guy has forgotten more about Windows than we'll ever know.

 

Ya, and before the restore, format the infected HD, and the MBR with a dedicated tool.

 

Thanks! Much appreciated!

 

very interesting read. thanks!