I see some of us are still doing surgery!
If you had the SHA1 or MD5 fingerprints for all the relative files from an identical
system, and IF you're using a known clean system to do the scanning so you can trust
the signatures, you could find the exact file by eliminating all the known good ones.
PITA, but if you're not going to just make a good customized Windows install CD to
make surgery not worth it, then you have to invest time at the other end.
There is no free fingerprint DB that I know of, but it's easy enough to generate a
flat-file DB with MD5Deep & keep it on hand for this kind of forensics. Same app can
then be used to list only the files that don't match the DB.
Thane Sherrington wrote:
Hello All,
Here's an odd problem - I have a system (this is actually the second
machine to do this) - after removing infections, the system boots to
Safe Mode fine, I get that message saying "Safe Mode...blah blah
blah..." and you have to click Yes to run in Safe Mode or No to run
System Restore. I click Yes, the desktop comes up, but when I try to
run anything (as an example, if I click Start/Run and try to run CMD),
the screen goes blank and then the Safe Mode message comes up again as
if I had just booted up. I'm thinking a file has been damaged in
Windows. I tried System Restore with no luck, and on the last machine I
reinstalled Windows, but if I could replace the damaged file and have a
functioning Windows, I'd rather do that.
Anyone have any ideas or see this before?
T
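
The fingerprint approach described in the reply above, as an added example that is not part of the original thread and is not md5deep itself: build a flat-file digest DB from a known clean tree, then list only the files on the suspect tree whose digest is not in it. The function names, the DB file name and the two tiny sample trees are constructed for illustration; the `algo` parameter also accepts `sha1`.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5"):
    """Hash a file in chunks so large system files do not load into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def walk_files(root):
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            yield os.path.join(dirpath, name)

def build_db(clean_root, db_path, algo="md5"):
    """Write one 'digest  relative/path' line per file on the known clean system."""
    with open(db_path, "w", encoding="utf-8") as db:
        for path in walk_files(clean_root):
            db.write(f"{file_digest(path, algo)}  {os.path.relpath(path, clean_root)}\n")

def unknown_files(suspect_root, db_path, algo="md5"):
    """Return relative paths whose digest is absent from the known-good DB."""
    with open(db_path, encoding="utf-8") as db:
        known = {line.split("  ", 1)[0] for line in db if line.strip()}
    return sorted(
        os.path.relpath(p, suspect_root)
        for p in walk_files(suspect_root)
        if file_digest(p, algo) not in known
    )

def demo():
    """Constructed sample: two tiny trees standing in for clean and suspect installs."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = os.path.join(tmp, "clean"), os.path.join(tmp, "suspect")
        for root, changed in ((clean, b"original"), (suspect, b"damaged")):
            os.makedirs(os.path.join(root, "system32"))
            for name, data in (("kept.dll", b"same bytes"), ("changed.dll", changed)):
                with open(os.path.join(root, "system32", name), "wb") as f:
                    f.write(data)
        db = os.path.join(tmp, "known_good.txt")
        build_db(clean, db)          # run against the identical clean system
        return unknown_files(suspect, db)  # run from a trusted scanning environment

if __name__ == "__main__":
    print(demo())
```

Matching is by digest membership rather than by path, so a known-good file that was merely moved or renamed is still treated as known.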