Zero Day Malware Cleaning with the Sysinternals Tools

Discussion in 'other anti-malware software' started by ronjor, Aug 16, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    -http://download.sysinternals.com/Files/SysinternalsMalwareCleaning.pdf
     
  2. DevilFrank

    DevilFrank Registered Member

    Joined:
    Jul 20, 2003
    Posts:
    108
    A very good read. Thx Ronjor.
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Thanks Ron.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Just goes to show what can be achieved with a few Good tools :)

    But he does acknowledge that "Cleaning is going to get much harder" :eek:

    No mention of a dedicated AntiRootkit tool though :D
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    My Thanks also Ron. Very useful
     
  6. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Very helpful article indeed :thumb:
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Similar material is found in "Advanced Malware Cleaning Techniques for the IT Professional" - hxxp://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_Advanced_Malware_Cleaning_Techniques_for_the_IT_Professional_English.pdf
     
  8. wat0114

    wat0114 Guest

    Mark Russinovich has posted some terrific articles, and this is yet another. Thank you Ron and also thank you MrBrian for your link :)
     
  9. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
  10. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    And the moral of the story is, back up your hard drive!
     
  11. wat0114

    wat0114 Guest

    Right, attempting to "clean" an infected drive is like painting over mould on drywall. It's easier and far more "absolute" to wipe the infected drive and simply restore an earlier image.
     
  12. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    The problem is most people I know don't even know about imaging; most don't even back up important documents on a USB drive!
     
  13. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    And most people won't do Imaging and won't backup important documents even when they are advised to do so.
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    The advice to set Process Monitor's filter to "Category is Write then Include" is a great tip for seeing only changes to a system. Also, one can check "Drop Filtered Events" so that only displayed events are stored.
     
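    The "Category is Write then Include" filter above reduces a Process Monitor trace to the events that actually change the machine. As an added example (not from the thread or from Sysinternals), the script below does the same thing offline over a saved Procmon CSV export, using the default exported columns (Time of Day, Process Name, PID, Operation, Path, Result, Detail). The sample rows are constructed for illustration, and the operation list and access-token list are a hand-picked approximation of Procmon's own Write category, not its internal table.

```python
import csv
import io

# Constructed sample of a Process Monitor CSV export (File > Save... > CSV).
# Rows are made up: a benign registry read, a dropper writing a Run key and
# an executable, a benign DLL read, and a read-only CreateFile.
SAMPLE_CSV = r"""Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:02.1234567 AM,explorer.exe,1234,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Foo,SUCCESS,"Type: REG_SZ, Length: 20, Data: foo"
10:01:02.2234567 AM,dropper.exe,4321,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS,"Type: REG_SZ, Length: 60, Data: C:\Users\user\AppData\Roaming\upd.exe"
10:01:02.3234567 AM,dropper.exe,4321,CreateFile,C:\Users\user\AppData\Roaming\upd.exe,SUCCESS,"Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Created"
10:01:02.4234567 AM,dropper.exe,4321,WriteFile,C:\Users\user\AppData\Roaming\upd.exe,SUCCESS,"Offset: 0, Length: 65,536"
10:01:02.5234567 AM,svchost.exe,800,ReadFile,C:\Windows\System32\kernel32.dll,SUCCESS,"Offset: 0, Length: 4,096"
10:01:02.6234567 AM,dropper.exe,4321,CreateFile,C:\Windows\System32\ntdll.dll,SUCCESS,"Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"""

# Operations treated as "Write" here. Assumption: a hand-picked subset of the
# file and registry operations Procmon itself files under the Write category.
WRITE_OPERATIONS = {
    "WriteFile", "SetDispositionInformationFile", "SetRenameInformationFile",
    "SetBasicInformationFile", "SetEndOfFileInformationFile",
    "RegSetValue", "RegCreateKey", "RegDeleteKey", "RegDeleteValue", "RegRenameKey",
}

# CreateFile is only a change if the requested access allows one. Assumption:
# these access tokens (as Procmon prints them) are the ones that matter.
WRITE_ACCESS_TOKENS = (
    "Generic Write", "Generic All", "Write Data", "Append Data",
    "Write Attributes", "Write EA", "Delete", "Maximum Allowed",
)


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def desired_access(detail):
    """Extract only the 'Desired Access' clause from a CreateFile Detail field.

    The clause is cut at ', Disposition:' so that tokens such as 'Write' in the
    later ShareMode clause are not mistaken for requested write access.
    """
    marker = "Desired Access: "
    start = detail.find(marker)
    if start < 0:
        return ""
    rest = detail[start + len(marker):]
    end = rest.find(", Disposition:")
    return rest if end < 0 else rest[:end]


def is_write_event(row):
    """Offline equivalent of the 'Category is Write then Include' filter."""
    op = row["Operation"]
    if op in WRITE_OPERATIONS:
        return True
    if op == "CreateFile":
        access = desired_access(row["Detail"])
        return any(token in access for token in WRITE_ACCESS_TOKENS)
    return False


def write_events(rows):
    """Keep only the events that change the system (like Drop Filtered Events)."""
    return [row for row in rows if is_write_event(row)]


def changes_by_process(rows):
    """Group write events by 'process (pid)' so persistence stands out at a glance."""
    summary = {}
    for row in write_events(rows):
        key = f'{row["Process Name"]} ({row["PID"]})'
        summary.setdefault(key, []).append(f'{row["Operation"]} {row["Path"]}')
    return summary


if __name__ == "__main__":
    for process, changes in changes_by_process(parse_procmon_csv(SAMPLE_CSV)).items():
        print(process)
        for change in changes:
            print("   ", change)
```

Against the constructed sample, only the dropper's three events survive: the Run-key write, the CreateFile that requested Generic Write, and the WriteFile to the dropped executable. The read-only CreateFile on ntdll.dll is excluded even though its ShareMode clause contains the word "Write", which is why the parser scopes itself to the Desired Access clause.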
  15. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    the worst thing about backup is !!!!

    there is not enough space ;)
     
  16. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    Always like what Mark Russinovich has to say. This guy has forgotten more about Windows than we'll ever know.
     
  17. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    Ya, and before the restore, format the infected HD, and the MBR with a dedicated tool.
     
  18. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Thanks! Much appreciated! :thumb:
     
  19. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    very interesting read. thanks!
     