Also PC Pitstop Forums?
The question mark is part of the address ... not a question :)
Yup, I missed PCP. Added a link to the Viruses, Spyware, Adware forum.
Hmm, I am so glad I always have yesterday's image and do not have to jump through all those hoops.
As you know, whs, most people are not that organized or diligent. At the sites that I administer, I ask that the posted logs include an ARK scan and also that ERUNT be installed to ensure there is a valid registry backup.
(Although not active at all of the listed sites, I bet that between Jacee and myself we are most likely a member of most of the listed sites -- at least the English language sites and some of the non-English sites that have private forums for the security community.)
Corrine, with that being said, I will continue telling people that frequent imaging is their best protection. Apart from a $50 to $70 external disk, it takes so little that everybody should really do it.
Free log analysis from pro security advisers is a terrific resource; however, sometimes there isn't enough time to make use of it. In the field I often have 3-4 hours max to get a system up. If I can't clean it in an hour I have to move on to data backup and re-installation of the OS. I was thinking that maybe HiJackThis combined with automated log analysis could be "Plan B" when on-demand scanners fail, but it sounds like the automated analysis can't be relied on (?)
Hi, Victek.
Nothing beats a visual inspection and too much can be hidden from HJT -- or just not available for evaluation.
"If I can't clean it in an hour I have to move on to data backup and re-installation of the OS."
How come you are not using imaging? That would be a lot faster. Or are those customers over whom you have no influence on what they are doing?
Unfortunately these are not personal customers that I can educate over time and set up on a proper backup/imaging schedule. They are folks that I help through an "on call" tech service I accept work from. I go to them and can't remove their systems. It's a small time window that limits my cleanup options.
Since you are working via a tech service, Victek, perhaps you would find it advantageous to obtain a Malwarebytes' Anti-Malware Technician's License. It is an annually renewable subscription. With that license, you can install MBAM on disk or USB key or both and then update the rules.ref file from your own copy on your own computer to take to your customer's computer. There is a license restriction that you can use it on only one computer at any given time and that it must be uninstalled before using it on another computer.
Inquiries can be made about the Technician's License here: Corporate Licensing : Malwarebytes