Home page logo
/

basics logo Security Basics mailing list archives

Re: Virus infection procedure
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Sat, 24 Sep 2011 00:00:45 +0200

On 2011-09-23 eric.buggenhout () gmail com wrote:
Yesterday we had a virus infection on the PC of one of our technical
support guys here at my company. Normally it's not really my problem
but I'm somewhat of the go-to guy for security here so they called me
up.

We have antivirus software installed on all hosts (Symantec Endpoint
Protection) and updated a couple of times every day but when he
attached an (infected) external HDD to his PC the virus/worm got in
anyway.
I know that no antivirus software is 100% virusproof so my question
for you guys is : 

What would be the best procedure to follow in case you get infected
anyway?

That depends. Do you want to investigate the matter? In that case I'd
suggest to take a memory snapshot if possible, then switch the computer
off. Don't shut it down, unplug the cable so that the malware won't be
able to notice what's going on and wipe its tracks. Create an image of
the harddisk and a second copy of that image for actual analysis. Put
the first image in a safe place. Keep a protocol of everything you did
with date and time. Documenting cryptographic hashes of the images you
created is a good idea, too.

After that, or in case you don't want to investigate: flatten and
rebuild the system. Trying to clean the system is futile.

http://technet.microsoft.com/en-us/library/cc512587.aspx

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault