I only browsed through the article, but it looks pretty nice. I think everyone who is interested in malware, especially everyone who is in the White Hat, Info Security, malware removal end of the spectrum has their own method of doing things.
Personally, I like to get as deep into Windows as I can when dealing with malware. I like to use tools that let me do things at a low level, like Sysinternals tools or GMER, or just using the command line and searching the registry.
If I don't have an adequate tool for a job, I'll often write a script or sometimes a program that will do it for me. For example, I was (and still am) often fed up with so-so web site filters, because they aren't always current. So I wrote a tool for the Outpost Firewall that takes a bunch of malware lists, like the Malware Domain List, IP address blocking list, and others, and converts them to the .lst format that Outpost uses. Afterwards, I could block not just thousands, but hundreds of thousands of current infected domains.
But there are of course times that I have to rely on automated tools, like boot CDs, Pocket KillBox, etc. So it is each to his own.
Your article was great though, and it has a lot of nice tips, and even some software I had never heard of.
Thank you for sharing it.