On Thu, 06 Apr 2006 08:17:30 MDT, lucretias said:

> I would disagree with all of Susan's assumptions. Why should you rebuild
> if you're simply infected?

Tell me - are you willing to bet being totally 0wned again if you guess wrong on "simply infected"?

> How someone could also determine you have a rootkit installed with no
> analysis and the shaky details you posted I'm not certain either.

Again, even the shaky details we have indicate a situation with a high likelihood of a rootkit being present. Proceeding as if one is present is much safer than assuming that there isn't one.

> Assuming it was bad surfing is also a bad assumption. It's highly likely
> that the infection was either from email or a downloaded and installed piece
> of software.

My money goes on a drive-by fruiting that used one of the currently known unpatched IE vulnerabilities. Anybody who goes to the length of installing fingerprint scanners will most likely have drilled into the kids: "No clicky-click the 'oooh shiny'!! Or *else*".

> A simple clean up would do the trick.
>
> Then clean the infections. I have yet to meet an infection I couldn't
> clean.

You willing to bet the machine's security on "the A/V id'ed it as W32-foobar, and Symantec says it alters 5 registry keys, so it can't possibly be a variant that alters 6"? Or maybe it's not W32-foobar *at all* - but some unknown malware that includes deactivated chunks of W32-foobar just to delude you into thinking that, since you removed all the pieces of W32-foobar, the machine is in fact clean?

You might want to consider whether "I have yet to meet an infection that I didn't convince myself was fully cleaned" is being more truthful. Did you dig out and sanitize 100% of every infection? Or just 100% of what you found?