And now for something different

Discussion in 'other anti-malware software' started by Gargoyle, Aug 24, 2007.

Thread Status:
Not open for further replies.
  1. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    There are so many topics on here posting about security setup and the lowdown on the latest security applications and users seeking advice on what to use on their computers. However, there is a distinct lack of discussion on what is to be done when we found out there's a problem. There are no topics about treating a problem when, let's say for example, a HIPS program find a rouge process. We don't wonder about its origin (rootkit, trojan, etc.) and we certainly don't discuss what the best way to remove the malware. Yet most of us here are using sophisticated anti-malware software.
     
  2. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    If and when I ever actually encounter a real malware problem on this machine, I do one of two things:

    A) Restore from a good image.
    b) Reformat

    So for me, no discussion is necessary, nor is any software to attempt to clean up or otherwise fix the problem. Simple and no doubts...
     
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    True, you don't read much about infections here.
    There are a few forums that excel at HiJackThis logs and removal of malware.
    Castle Cops security forum has unknown file category and Malware Incident Reporting and Termination.
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Kill that process, upload the corresponding file to a multi-engine online scanning service (Jotti/Virustotal/Virus.org) and save it (encrypted) for further analysis. Then, use your reboot-to-restore solution or nuke the HDD and restore a clean image.
    Be prepared for a possible data leak/thief
     
    Last edited: Aug 24, 2007
  6. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Yep same here. If i encounter anything resembling real malware, its image restore time.
     
  7. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    Since Wilders doesn't permit posting HJT logs, you won't find much discussion on Mal / Viri / Spyware removal.

    Me thinks that anyone who has spent any length of time on these forums has picked up on recovery solutions. If I get infected I'll just boot to another SnapShot & copy / update or delete the infected one.

    I for one, feel bullet proof w/ my security set-up. If it -does fail... FD-ISR to the rescue.

    ...screamer
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,055
    Likewise. Before doing anything approaching risky, I update my FDISR snapshot, might even take a new image, and then if really risky, I go into a vm machine.

    It's almost funny since right now, I am testing and in shadowmode of ShadowDefend and also sandboxed with sandboxie.
     
  9. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Traditionally there is some discussion in here, though it tends to be some famous malware hunter warning the whole world about some dangerous world ending threat he found or some over paranoid kid posting all kinds of strange screenshots from anti-rootkit tools telling everyone that he has a super duper stealthy rootkit. :D


    I would like to think that there is little discussion because

    A) As a forum Wilders is focused toward security software use. Little things like "wondering about the origin of" infections is not quite as interesting.

    B) People here have so many layers (on top of generally being a bit more knowledable than average), very little get through. In fact, I would say most posters here more find something on their scanners are usually having FPs...
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Likewise. borrowing a similar method practiced by Peter2150

    I employ a perfectly fail-proof method myself from any forced/stealth intrusion which would be designed to "stick" to disk by using an FD-ISR snapshot covered with Power Shadow Master plus shielding with HIPS as in either EQSEcure 3.4 OR SSM (Full), and yet further guarded with Sandboxie 3 along of course coupled with strong firewall protection.

    Even should some PC Stealth Long/Short Range Cruise Missile managed to penetrate thru these layers, which IS NOT going to happen anyway unless i do it to myself :D theres still in reserve .arx FD-ISR Archives to rebuild from and as a final stage of COMPLETE RESTORATION, a couple of full system/partition duplicate images. Also i CLONE an entire "clean" "offline" drive and store that in a controlled temperature compartment.

    Building blocks for a perfect Defense & Preservation Strategy.

    So far, HIPS + PS + FD-ISR have everything under tight control from invaders of any sort.

    RELAXED & FREE :cool:
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    So that should make you a virtual shadow? ;)

    I do not even care anymore. Even when I om our weakest secured PC (A2 IDS + WinPooch + DefenseWall), I make an image backup (takes 2 minutes with Maxblast and perform a smart data backup to our external harddrive which takes less than a minute). Start fiddling with aps, and roll back before shutdown.
     
Loading...
Thread Status:
Not open for further replies.