On Thu, Feb 03, 2005 at 05:29:15PM +0200, Gadi Evron wrote:
You will never be sure you have picked up all, only the known ones. For a compromised system, unless running tripwire or something, reinstall!
You can never be sure, that's why it's a backdoor/Trojan horse.
It's a nice start, but it also tells people I am safe, and they don't know
Yes, it is. AV products have not taken Trojan horses seriously for years, and called them "garbage" samples. Now they start to change that due to almost any sample out there being also a Trojan horse, but not drastically enough
for sure. Seeing our abuse department getting tickets over and over about the same customers, it's a fact that they just simply are not able to clean it out easily. Then it's better to insert foot (CD) and start all over.
Then using AT programs is a good start. A clean slate is always better, but your grandma won't agree.
Unfortunately, starting over in some operating systems means re-installing EVERYTHING, and since applications tend to get installed over time, the installation media for each and every app may not be available. Backups are not very useful, because just placing the executables and the work product/data files in the right place will not work in some Windows systems if the proper registry entries are not there. Also, if you reinstall in the wrong order you can wind up in DLL hell.
Gadi.
-- -=[L]=-