Virus Issue

Page 3 of 4

  1. Posts : 121
    Windows 7
       #21

    @ Original Poster

    Since we're talking about AV Boot CD's, and other things, you might want to check out something like this:

    UNetbootin allows you to create bootable Live USB drives for Ubuntu, Fedora, and other Linux distributions without burning a CD. It runs on both Windows and Linux. You can either let UNetbootin download one of the many distributions supported out-of-the-box for you, or supply your own Linux .iso file if you've already downloaded one or your preferred distribution isn't on the list.



    Most, if not all, of the Anti Virus Boot CDs are supported by UNetbootin.

    You can even have a USB drive with multiple boot CDs:

    Pen Drive Linux: How to create a Multiboot USB Flash Drive that you can use to Boot Multiple ISO Files from USB. Please note that you might need a 8GB-16GB or larger USB flash device to be able to support every bootable ISO entry. I will update and add more Bootable ISO files to the list as I find the time to test them. You can also contact me to submit working Bootable ISO entries for inclusion.



    Throw Hiren's Boot CD on there and the UBCD4WIN and you are ready to kill off pretty much any infection.


  2. Posts : 121
    Windows 7
       #22

    @ Everyone Else,

    In terms of the ever raging, ever classic manual virus removal vs Image Restore debate, there is something that I think is often ignored: And that is that there is immense value and knowledge to be gained by manually removing malware infections. There are two great benefits, at least as I see it.

    1. When you begin to study malware (whether with Process Explorer, Gmer, Hijack This, or w/e your favorite tools are) you begin a journey to a much deeper understanding of Windows, and Windows Internals specifically.

      Malware, like any program, is nothing but a bunch of code being executed.



      Malware authors are not magicians, they just know Windows really well. They know that they can do things like create handles to the Windows NT Session Manager (smss.exe) so you won't be able to erase their file; they know they can list their file as a system file, so most users will never find it, even if they "show hidden files." They even know how to send encrypted data inside of the header (not the data portion) of an HTTP packet, so that even wise technicians will be oblivious.

      But this is not magic, this is Windows. This is networking. And this is computer science. And often, when you study malware, you are drawn to these topics, and your own understanding of Windows, Networking, and Computer science is deepened substantially.

    2. The other great benefit, and the one most ignored by those who support the "always re-image" position, is that studying, seeking out, and learning to manually remove viruses teaches you a lot about how to recognize an infection, including 0-day infections. How can you get better and more adept at recognizing subtle signs of infection if you never take the time to see what that virus is doing?

      The fact of the matter is, there are thousands upon thousands of Malware that your Anti Virus has no clue about. Some of them are crafted just for a specific scenario. You can't rely on your AV as a means of determining if you are 100% virus free or not.

      I have seen technicians, very smart ones, who did not recognize that svcchost.exe was a virus running in task manager. But had they spent some time removing viruses (and as a result, learning more about Windows Internals) they would have known that there is only one C in svchost.exe.

      And while it is always safer to re-image, and while it is the right thing to do from a business perspective...as a technician, I think the right thing to do is study the infection, practice removing it, learn from it--and let it make you better as a result.



    Ok, you can flame me now


  3. Posts : 1,252
    Windows 8 Professional 64-bit
       #23

    Excellent words, no doubt.
    Last edited by Brink; 02 Sep 2010 at 23:41. Reason: removed unneeded quote


  4. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #24

    "Keep your friends close, but your enemies closer"


  5. Posts : 121
    Windows 7
       #25

    Borg 386 said:
    "Keep your friends close, but your enemies closer"
    Exactly


  6. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #26

    dranfu said:
    @ Everyone Else,

    In terms of the ever raging, ever classic manual virus removal vs Image Restore debate, there is something that I think is often ignored: And that is that there is immense value and knowledge to be gained by manually removing malware infections. There are two great benefits, at least as I see it...


    1. And while it is always safer to re-image, and while it is the right thing to do from a business perspective...as a technician, I think the right thing to do is study the infection, practice removing it, learn from it--and let it make you better as a result.



    Ok, you can flame me now
    Excellent post.


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #27

    No need to flame you dranfu ... I don't deal with rootkits at any level!

    The computer has been "severely compromised", and it's time to do a complete wipe and re-installation of Windows. It will never be stable again without doing this!


  8. Posts : 11,840
    64-bit Windows 8.1 Pro
       #28

    While I agree that approaching it from a forensics point can be an educationally satisfying adventure, most users just want to resolve the issue....get rid of the infection! I fall in that category.

    I am a member on another forum where I have seen a fairly simple issue go on for days, while going into the minutiae of taking the OS apart with logs etc, in the meantime the OP is still infected with a virus.

    While I have never been infected with a virus, I know that should it happen, I can resolve the whole issue by restoring one of my images in 20 minutes or less. To me, the choice is a no-brainer.


  9. Posts : 121
    Windows 7
       #29

    Tews said:
    While I agree that approaching it from a forensics point can be an educationally satisfying adventure, most users just want to resolve the issue....get rid of the infection! I fall in that category.

    I am a member on another forum where I have seen a fairly simple issue go on for days, while going into the minutiae of taking the OS apart with logs etc, in the meantime the OP is still infected with a virus.

    While I have never been infected with a virus, I know that should it happen, I can resolve the whole issue by restoring one of my images in 20 minutes or less. To me, the choice is a no-brainer.
    Yes, you have a valid point, but it is not just about being educationally satisfying, it is also, at least in my mind, about learning Windows and malware better. While I of course agree that it is faster and safer to re-image, what else does re-imaging provide besides speed and a sense of security?

    That may seem like a silly question, but think about it like this: The option to re-image is always available. I can always achieve speed and a sense of security as soon as I decide to re-image. But the option to increase my skills and knowledge cannot be had by re-imaging.

    For instance, it is true that if I discover I am infected, I can quickly and easily wipe my machine. But how do I know if that virus has stolen any sensitive data from me? And what data did it steal? And how did it get in in the first place? And why was I targeted? And who wrote it? These are questions that, perhaps, a user may or may not care about: but then again, they may not be aware of what damage was done before they caught it. Either way, a person cannot answer these questions without studying what happened, as in studying malware. But by studying malware, you can figure out all of those questions.


  10. Posts : 121
    Windows 7
       #30

    And look at what an interesting discussion the original poster started. And he is not ever here to enjoy it.


 