Moose
Don't make me assume my ultimate form!
Reged: 05/03/04
Posts: 1483
Loc: Outback, Australia

Re: Nice virus
11/25/10 09:33 AM

> > Not to mention the 2TB of data I must scan until I am sure I got rid of that thingy.
>
> oh damn, that's going to take time especially if you use several tools to scan with.

There are 2 problems here: making sure it is gone and making sure none of your files are damaged. Making sure it's gone is relatively easy. Making sure the files / data is intact is much harder. E.g. you can test zip files to make sure they are intact, but how do you know nothing was deleted or changed in the zip file (and relying on the file's size, modified date, etc. won't cut the mustard, because these are so easy to fudge). With Word Docs, text files, images, vids, etc., it can be hard to tell if they are intact.
If you had recent CRC32s / MD5s / etc. for every file on your system, you could check / compare and narrow down your checking to just the files that didn't match. But only a few go to these lengths ...
Or, if you have an intact backup that was done before the attack, you could compare against this (file by file) and narrow down your checking to newer or changed files. If you do these types of checks and can't find any damaged / mismatched files, you can breathe a sigh of relief.
A 3rd (and most urgent) problem is making sure the little turd can't return and that your machine is as secure as possible.
And I agree: people who write this malicious software should be hung by the nads.
Moose
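
The checksum comparison described in the post above, as an added example that is not part of the original post: it records a hash for every file, then reports only the files that changed, went missing, or appeared since the baseline. It uses SHA-256 rather than the CRC32 / MD5 mentioned in the post, and the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def compare_manifests(baseline, current):
    """Return the files that need a manual look: changed, missing, or new."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed sample tree: tamper with it after the baseline, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_bytes(b"quarterly total: 1000\n")
        (root / "docs" / "notes.txt").write_bytes(b"unchanged\n")
        (root / "photo.raw").write_bytes(b"\x00" * 64)
        baseline = build_manifest(root)  # taken before the infection
        target = root / "docs" / "report.txt"
        stat = target.stat()
        target.write_bytes(b"quarterly total: 9000\n")  # same length as before
        os.utime(target, ns=(stat.st_atime_ns, stat.st_mtime_ns))  # fudged timestamp
        (root / "photo.raw").unlink()
        (root / "dropped.bin").write_bytes(b"constructed placeholder\n")
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

The edited report.txt keeps its original size and modified date, yet still lands in the "changed" list because only the content hash is compared. The baseline manifest has to be stored somewhere the infected machine cannot write to, otherwise it proves nothing.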