When faced with malware attack in progress how do you handle it?

Slightly off-topic, but I've often wondered about the ALT+F4 keystroke. Does anyone know, for a fact, that it interacts directly with the operating system/kernel, bypassing any interaction/interception with the app/window itself? Kind of like the CTRL+ALT+DEL keystroke?

Back on topic, I would never attempt clicking any of the buttons on the offending window (the "X", cancel, close, or whatever). No telling what they've programmed those buttons to do. I would try ALT-F4 then Taskmanager for the kill. I also like the idea of killing of the network connection.

Still have to look for the unusual though, even after you think you've killed it (as noted in the prior posts). Never know how much of the malicious code got downloaded.

If I think it would take a hard shutdown to truly kill it, I would do it.

For me, I simply just terminate everything running in Sandboxie. Since, i run most of my internet facing program in sandboxie, i don't really have to worry about it getting through.

CanIHaz said:

For me, I simply just terminate everything running in Sandboxie. Since, i run most of my internet facing program in sandboxie, i don't really have to worry about it getting through.

Yes, flush Sandboxie and get back to surfing

Hi Legacy7955.. that thought come to my mind to.. I use this addon, it works for FF & IN9., not sure on other browsers
it shows safe sites, bad, caution, Safe Browsing Tool | WOT (Web of Trust) :)

Hi there

One good reason for only ever connecting to the Internet via a "Virtual Machine" if it becomes infected -- then just delete that VM it and load up a new one.

However it's not possible for a lot of people.

On Malware - I'd just boot from a bootable backup / restore program like Acronis, delete your old OS and restore a known virus free image.

That's why it's important to have decent backups takem regularly.

I DON'T EVER trust any malware removal software -- How do you know what the malware has done BEFORE It's removed.

Imagine you had to repair a power cable but the only tool you had was one where the electrical insulation was faulty.
Would you use the Faulty tool to repair the cable.

Same with your computer -- would you allow an OS that had been compromised in some way to be used to "Repair itself".

I would never trust a computer that had been infected and "cleaned". Only a fresh install or restore from a clean backup would satisfy me.

IF you take decent backups a RESTORE should only take around 15 mins -- job done.

Q.E.D

(MSE does a decent job IN REAL TIME protecting against this sort of stuff. Post analysis software is USELESS -- unless protection is done in REAL TIME you might just as well not bother with A/V software at all).


Cheers
jimbo