worm-detection/removal ???

  • Thread starter Thread starter Hans Pesata
  • Start date Start date
H

Hans Pesata

Hi!

I would like to know how I can get rid of any worm that has infected a
WINDOWS XP-system.
I know about the worm removal tools, but there is just 1 tool for every worm
and you have to run ALL of them to find which worm has infected your system.
this takes A LOT of time with a nearly full 80GB hard-disc ...

My only solution so far was to to do a clean new install of WINDOWS-XP
with the appropriate MS-RPC-patch, but this is pretty time-consuming too...

What about NAV 2003/2004, can I use it for the worm-detection/cleaning ?

Any help with this would be greatly appreciated,
thanx in advance!

best regards,
Hans Pesata
 
Hi!

I would like to know how I can get rid of any worm that has infected a
WINDOWS XP-system.
I know about the worm removal tools, but there is just 1 tool for every worm
and you have to run ALL of them to find which worm has infected your system.
this takes A LOT of time with a nearly full 80GB hard-disc ...

My only solution so far was to to do a clean new install of WINDOWS-XP
with the appropriate MS-RPC-patch, but this is pretty time-consuming too...
Click to expand...

Aside from general worm removal aides, you might take a look at
Trend's Sysclean which handles a large number (hundreds) of current
malwares. See my web site for a download.

More generally, there are utilities (see a couple of links at my web
site) which show practically the entire startup axis ... the registry
run keys, running processses, ini files, etc. But the use of them
requires knowledge of what a normal system looks like in this regard.
In the case of HijackThis there is a web site forum available with
fairly expert help from what I hear.

It's best to do this work in Safe Mode, BTW.


Art
http://www.epix.net/~artnpeg
 
Hi!

I would like to know how I can get rid of any worm that has infected a
WINDOWS XP-system.
I know about the worm removal tools, but there is just 1 tool for every
worm and you have to run ALL of them to find which worm has infected
your system. this takes A LOT of time with a nearly full 80GB hard-disc
...

My only solution so far was to to do a clean new install of WINDOWS-XP
with the appropriate MS-RPC-patch, but this is pretty time-consuming
too...

What about NAV 2003/2004, can I use it for the worm-detection/cleaning
?

Any help with this would be greatly appreciated,
thanx in advance!

best regards,
Hans Pesata
Click to expand...

Well, it seems that you are trying to do things backward.

First, develop habits that make infections less likely.

Second, install software that blocks malware from getting installed in the
first place. NAV will work, but you probably can find something else that
is less expensive and has less overhead.

Third, regularly scan with good detection software (with recent definition
updates).

THEN check into removal tools for anything that's found, or if you have
symptoms of something specific. I certainly wouldn't use a removal tool
for (as an example) Swen unless I were pretty sure that I had been
infected with it.
 
Hi!
Well, it seems that you are trying to do things backward.
First, develop habits that make infections less likely.
Click to expand...

my job is to help people with their computer-problems and a lot of
problems are related to viruses/worms. I try to teach people how to protect
their PCs, but first I have to fix them.
Second, install software that blocks malware from getting installed in the
first place. NAV will work, but you probably can find something else that
is less expensive and has less overhead.
Click to expand...

I have seen a lot of PCs with NAV runing and worms disturbing everything in
the system.
it seems that the only way to fight this is the MS-RPC-patch and a firewall.
Third, regularly scan with good detection software (with recent definition updates).
THEN check into removal tools for anything that's found, or if you have
symptoms of something specific. I certainly wouldn't use a removal tool
for (as an example) Swen unless I were pretty sure that I had been
infected with it.
Click to expand...

I need a way to repair infected systems with minimal time-effort.
I cant know which worm has infected a system, to use a specific tool to fix
it.
I just see that something is pretty wrong. therefore I need good tools to
help me with this.

best regards,
Hans
 
Hans said:
Hi!




thanx for the hint, but these are single tools similar to the ones Symantec
provides.
I need one that is able to kill them all.
Click to expand...

well then, for your purposes i suggest you think the following way...

worms = viruses

and use an anti-virus product...
 
Hans Pesata wrote:
[snip]
I need a way to repair infected systems with minimal time-effort.
I cant know which worm has infected a system,
Click to expand...

*STOP*

think to yourself, you want to repair the damage done by a worm but you
can't be bothered to figure out which worm it was - thereby completely
skipping the step about finding out exactly what damage was done...

does that sound reasonable to you? if it does, then you're in the wrong
line of work...
to use a specific tool to fix
it.
I just see that something is pretty wrong. therefore I need good tools to
help me with this.
Click to expand...

use an anti-virus product to figure out what it was, then use a
dedicated removal tool if one exists or the anti-virus product itself
if no dedicated removal tool exists... dedicated removal tools are
preferable over the av itself as the av will often times simply
neutralize the worm/virus/whatever...
 
Hi!
use an anti-virus product to figure out what it was, then use a
dedicated removal tool if one exists or the anti-virus product itself
if no dedicated removal tool exists... dedicated removal tools are
preferable over the av itself as the av will often times simply
neutralize the worm/virus/whatever...
Click to expand...

that was exactly what I have been asking when I posted my question in this
newsgroup,
but I didnt get a clear answer, do you known if I can use NAV2003/2004 to
detect worms ?
I understand that using a dedicated worm-.removal-tool afterwards is the way
to go.

this is important for me to know, because I have to check a probably
infected system with a pretty full 80GB hard disc
and it will take NAV VERY LONG to scan all the files. If it doesnt work and
I therefore have to do a new, clean XP-setup,
I will lose quite some time my customer would have to pay for.
if I start with the clean XP-setup instead, it will cost less.

thanx for your comments!

best regards,
Hans Pesata
 
On that special day, Hans Pesata, ([email protected]) said...
but I didnt get a clear answer, do you known if I can use NAV2003/2004 to
detect worms ?
I understand that using a dedicated worm-.removal-tool afterwards is the way
to go.
Click to expand...

NAV and current signatures, yes. The problem is, modern worms place
themselves in the _restore or other corners where they can't be easily
reached. In fact, they abuse the system self repair and protection
features by disguising themselves as "system files".

The specific tools are there to cancel this system protection and render
the respective methods of the worms useless. But this strategy might
change from worm family to worm family, and require different approaches
according to the specific infection. This is the reason why there are
separate tools there for removing worms.

But first you have to know *which* worm is in the system, in order to
know which removal tool will be effective.

I hope that now you understand it.


Gabriele Neukam

(e-mail address removed)
 
Hans said:
Hi!


that was exactly what I have been asking when I posted my question in this
newsgroup,
but I didnt get a clear answer, do you known if I can use NAV2003/2004 to
detect worms ?
Click to expand...

yes... for all intents and purposes you can consider worms equivalent
to viruses and use the same software to detect them...

[snip]
this is important for me to know, because I have to check a probably
infected system with a pretty full 80GB hard disc
and it will take NAV VERY LONG to scan all the files. If it doesnt work and
I therefore have to do a new, clean XP-setup,
I will lose quite some time my customer would have to pay for.
if I start with the clean XP-setup instead, it will cost less.
Click to expand...

cost less how? what about the value of the data that will be lost when
you do that, is that figured into your cost/benefit analysis?
 
that was exactly what I have been asking when I posted my question in this
newsgroup,
but I didnt get a clear answer, do you known if I can use NAV2003/2004 to
detect worms ?
Click to expand...

AV software will detect worms, that it knows about. So, if you're looking
to clean a system of worms that have been around for a while, it'll work,
or at least, should find them. Make sure you're booting from a known
clean boot disk or cd, just in case the malware is stealth, or can prevent
the av from running.

Don't rely on it to block new worms. Keep the software updated, and try
to teach the user's about safe hex.
I understand that using a dedicated worm-.removal-tool afterwards is the way
to go.
Click to expand...

Unless you enjoy doing things manually, I'd say it's the only way to go.
this is important for me to know, because I have to check a probably
infected system with a pretty full 80GB hard disc
and it will take NAV VERY LONG to scan all the files. If it doesnt work and
I therefore have to do a new, clean XP-setup,
Click to expand...

Make sure you limit the scanning to executables, and try to get the user to
clean up stuff they don't need, before you visit.
I will lose quite some time my customer would have to pay for.
if I start with the clean XP-setup instead, it will cost less.
Click to expand...

Why not let the customer decide? Give them an estimate of the cost
of a clean install, versus cleanup.

Regards, Dave Hodgins
 
Hi!

Thanx a lot for all the useful information and hints!
This is very valueable for me and helps me to learn how to deal with this
nasty topic.

Best Regards,
Hans Pesata
 
Hi!
cost less how? what about the value of the data that will be lost when
you do that, is that figured into your cost/benefit analysis?
Click to expand...

of course I would backup the users important files/documents BEFORE I do a
new system-setup.

Best Regards,
Hans
 
Back
Top