Malware Infection? - Now what?

Discussion in 'other anti-malware software' started by Rmus, Aug 16, 2005.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    [image: http://www.rsjones.net/warning1.gif]
    ===========================

    Have you ever been so frustrated and put out that you just blurted out the F_____ word?

    A bit of background.

    I came to Wilders a few months ago looking for information on certain types of security products - lately they’ve been referred to as IPS, IDS, HIPS, etc.

    I was surprised at how many anti-virus, -trojan, etc. products are discussed, and all of the time spent updating, comparing tests to see which would "catch" more. When did people find time to enjoy using their computer, I wondered? Some seemed to have so much fear about the next "nasty" to emerge - now it's rootkits - that they seemed afraid to turn on their computer lest it be swept up into the land of the holy father.

    And with all of those products available, I was surprised at how many people posted here with instances of malware infections: trojans, viruses, spyware, adware. I understand that there is a technique called hijack log, and this forum no longer posts them - I suppose that there were so many, the forum just couldn’t handle them. Why were there so many instances of infections? Why not better prevention?

    What was also surprising was how much time some people spent detecting and removing the infections - some posted back and forth for several days for help, trying this, trying that - scanning, ad infinitum, ad nauseam.

    Well, this was puzzling to me, having never experienced any of that, and I thought, what would I do if something like that did happen? The answer was easy, as I thought back to a situation where a friend related that he helped someone whose son evidently broke the house rules and opened an email attachment with a picture - turned out to be a trojan. First time that ever happened to him. My friend, after looking at the computer said, you know, Al, this is a real mess.

    Al responded, all right, just [image: http://www.rsjones.net/format2.gif] and re-install.

    Sorry to use such graphic language, because I know that word is so obnoxious to many here, and I wonder why? If something like that ever happened to me, I wouldn’t want to chance that some program would remove all traces of the stuff - I would just start over with a fresh installation. With today’s imaging and backup programs, that shouldn’t be a hassle at all.

    So, just wondering if others would do the same.

    Happy Computing!!

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  2. StevieO

    StevieO Guest

    Hi Rich,

    Yes a very good F------ing point you raise.

    I think some people like to,

    A, Dabble with their systems,

    B, Don't like to feel they don't understand something,

    C, Dont want to feel beaten,

    D, Never think it's going to take as long as it can,

    E, Feel that what they have will get the job done,

    F, Ah yes back to F again !


    StevieO
     
  3. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I, for one, feel that the "Format and reinstall" method should only be used if you cannot get your OS to boot at all and there is 100% no chance of recovering.

    I am the type of person that likes to muck up a system to see if I can fix it. I have messed up my system so bad a few times that it took me over a week to fix it, but I never have formatted the drive and started over. My system runs very clean and very lean.

    As far as the paranoia is concerned, I agree...people are way too scared something nasty is going to happen to their system. I have NOD installed and running along with an assortment of "on-demand" scanners, just in case...but I also visit the darkside of the internet and play with viruses and worms to learn more about them. For the general user, a good AV will suffice...and by "general user" I mean the person that gets on 1 or 2 times a day to check their email. For those of us that spend a great deal of time playing online, a little more protection would help.

    I've had relatives tell me they unplug their system (power cable and network cable) to prevent anything from "Getting in".

    If people would follow simple common sense when dealing with computers, they wouldn't have to have a barrage of programs, that they constantly have to update, to keep their systems clean.

    My General Rules to follow:
    1) Back up your work
    2) if you don't know who sent it, don't open it
    3) if you don't know what it is, don't run it
    4) if you are unsure about something, ask somebody

    That's it. :D
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Rich,

    Many folks spend lots of time searching/scanning/rescanning/and so on. Others don't. I don't. I have a few products running, I look at an AV log maybe once a week, if I think to, lots of weeks I don't. I maybe do a spyware scan once a month, probably much less. The firewall - well that's only for application control in my world, I don't do rules. I spend a fair amount of time here, although it's generally while doing other stuff. I also have imaging software and maintain regular drive images.

    So why would I not want to format? Well, some of the stuff I do is creative - not art creative - technical analysis creative. If I did an hourly image of my machine, I'd only lose an hour of work, but there are times when you simply can't lose that hour of work. More typically, it might be a day for work. Sometimes what flowed that day won't come again easily. So I look elsewhere for recovery options - and it's not post-mortem resuscitation, it is as you note, prevention in the first place.

    If your machine is a static engine to surf, read news, do e-mail and the like, I suppose formatting might be a good primary solution. It might even be the quickest solution. The thing is, the format solution takes a lot of preplanning, preplanning that most users simply have not even considered and far fewer have executed.

    The implication that starting from anything less than a blank slate courts future problems is simply not true for the vast majority of users, in my estimation it borders on inappropriately alarmist. Sure, format if that's the quick solution for you, but I can deal with things as I've set them up now. The main reason you see a lot of back and forth in many cases is that the education in computer fundamentals that you've probably acquired over some time is being administered in crash fashion to a user in need. It's not pretty, it's not efficient, but usually the user gets back on their feet.

    Finally have I ever nuked and paved? Sure, but it wasn't due to a malware problem. Ironically it was during a beta test of an anti-malware product - it was part of what I signed on for and was prepared. I was back in business in a few hours none the worse for wear. I'm sure you're aware of the concept of cash flow in financial matters - translate that to personal matters where time is money - time flow. What does your time flow look like? Is it easier to devote little chunks of time on an on-going basis or do you have the flexibility to devote a big chunk at a given moment? Simply put, I find it easier to proceed by the pay as you go route.

    Blue
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I see there are lots of things to consider.

    It was the first (well, second) thing that I was taught, and assumed that every user had a worst-case scenario backup plan. But I can see that if you are talking about hourly changes to your OS - if I understood you correctly - that might be a bit difficult to keep backed up/imaged.

    Wasn't meant to be alarmist - just practical, where time spent removing malware might be more than what would be involved in starting afresh, which was the example I gave.

    I see.

    I thought beta testers always used a test machine, or other bootable partition/HD.

    I guess this would be the determining factor.

    thanks,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Not OS files. Work files. Technical reports or partially fleshed out technical analyses. At work they go to a network drive. If I'm doing something similar at home it depends where the tools are. An example might be some numerical simulation of a physical process and I'm debugging the simulator I'm putting together. When you're on a roll, you're on a roll and you can crunch a lot of quality work into a short time - say 8 hours. Athletes aren't the only ones who can get in the zone. Recovery can be painful if the work is lost and, yes, they can be changing quickly while being composed.

    Take a look at some of the threads where a new user is facing a problem and the reaction when the topic of format is broached. The main issue, assuming install CDs, key codes, and key files are available (and they surprisingly often are not), is if they mishandle the process mid-stream, they might not have a second machine available to request additional assistance.

    They (I mean me) do now :)

    One of your implicit messages is an important one though - every user should be prepared to do a format at any time. For me, that means having all my activation codes stored in an Excel spreadsheet with invoice information if needed, downloaded program files burned to a separate USB hard drive ready to go (same for the spreadsheet), and the XP install and SP2 CDs in a known location ready for service. You're right, you need a worst case scenario backup plan. However, for many people the PC is really entertainment - just like your CD player or television. How many folks plan for backups there? How many folks even think of, for example, using copied CDs for their listening pleasure, saving the source for backup? This might seem a stretch, but if you use a PC for entertainment, and many do, it's not.

    Blue
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Ah, I see... I learned a hard lesson years ago, after a HD failure. I had a daily backup, of course, but lost quite a bit that I was doing during that day. I then started doing a real-time backup to my laptop. Don't know if that's possible in your home situation or not.

    That's a great plan - I'll have to work out something like that...

    That I do also.

    Someone at Wilders should create a Backup Tutorial as a Sticky.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
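    Added example (not code posted by anyone in this thread): Blue's point that every user should be ready to format at any time, and Rich's "real-time backup" to a second machine, both come down to having a copy you have actually checked. The script below mirrors a working tree to a backup location, copies only files whose content hash differs, then re-hashes the backup so a missing or silently damaged copy is reported before you need it. The source tree, file names and contents are constructed in a temporary directory for the demonstration; the destination would in practice be a separate physical device.

```python
"""Added example: a verified mirror backup of a working directory.

Not code from the thread. It mirrors every file under a source tree to a
backup tree, copying only files whose content (SHA-256) differs, then
re-hashes the backup so a silently corrupted or missing copy is reported
rather than discovered during a rebuild. The sample tree is constructed
in a temporary directory; nothing here touches real data.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large report files do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def mirror(src: Path, dst: Path) -> dict:
    """Copy changed files from src into dst and verify the result.

    Returns a report listing the relative paths copied, those left alone,
    those that still mismatch after the run, and a 'verified' flag.
    """
    report = {"copied": [], "unchanged": [], "mismatched": []}
    for file in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = file.relative_to(src).as_posix()
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        # A stale or corrupted target hashes differently and gets recopied;
        # comparing timestamps alone would miss an in-place corruption.
        if target.exists() and sha256_of(target) == sha256_of(file):
            report["unchanged"].append(rel)
            continue
        shutil.copy2(file, target)  # copy2 keeps timestamps for later audit
        report["copied"].append(rel)

    # Independent verification pass: trust nothing from the copy loop.
    for file in src.rglob("*"):
        if file.is_file():
            rel = file.relative_to(src).as_posix()
            target = dst / rel
            if not target.exists() or sha256_of(target) != sha256_of(file):
                report["mismatched"].append(rel)
    report["verified"] = not report["mismatched"]
    return report


def demo() -> dict:
    """Run three mirror passes over a constructed sample tree."""
    root = Path(tempfile.mkdtemp(prefix="mirror-demo-"))
    src, dst = root / "work", root / "backup"
    (src / "reports").mkdir(parents=True)
    (src / "reports" / "analysis.txt").write_text("draft 1\n")   # constructed
    (src / "notes.txt").write_text("install media: shelf B\n")   # constructed

    first = mirror(src, dst)                      # initial full copy
    (src / "reports" / "analysis.txt").write_text("draft 2\n")
    second = mirror(src, dst)                     # only the edited file moves
    (dst / "notes.txt").write_text("garbage\n")   # simulate a damaged backup
    third = mirror(src, dst)                      # damage detected and repaired

    shutil.rmtree(root)
    return {"first": first, "second": second, "third": third}


if __name__ == "__main__":
    for name, rep in demo().items():
        print(name, rep)
```

    Content hashes rather than modification times decide what gets copied, because a backup that was written correctly and later damaged keeps its old timestamp. To make this "real-time" in Rich's sense you would run it from a file-change watcher or a scheduled task; to make it a worst-case plan in Blue's sense the destination must be a device the compromised machine cannot quietly rewrite, which is why it is worth keeping the verification pass separate from the copy loop.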
     
  8. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493

    That is probably a good idea. It is a useful tool to know in case of malware infection or in case of corruption.


    Starrob
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I was thinking the same, actually even just before this thread was started. I just ordered a book for which I later found a reader review stating that the chapter on backups is excellent. Maybe I'll post a summary of that and my own thoughts either here or on my page after I get the book. :) Big "maybe", though, kinda got a plate full of other stuff that I need to do as well. Maybe we should start a new thread on the subject? I know there was one quite a while ago, but it might be worth starting another.
     