> I am so sorry. I just don't understand this. Computer is infected. User has
> DNS redirects to any and all sites for help. Why can't the good guys use some
> type of fast flux or URL obfuscation to hide help standalone software to
> download and use? You know, maybe I am just so damn ignorant that what I
> think is a simple idea to use for McAfee, F-Secure and such to offer help is
> why it's not used. I mean really, bad guys hide C&C and download servers
> through such means, why can't the good guys? Someone just get right down and
> explain this crap to me. I am so adamant that this type of idea, though not
> fully foolproof, can't work.


Hi RandallM,

The answer is:  Once you're infected, you shouldn't be trying to clean
things.  Reinstall.

Need files off of that box first?  Mount the drive under another OS,
or better yet, use the sleuthkit to get them off.

cheers,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
