Home page logo

pauldotcom logo PaulDotCom mailing list archives

Re: Incident Response
From: Daniel Holiday <dehaul () gmail com>
Date: Thu, 1 Jul 2010 16:19:05 -0600

This brings up a question that I have always asked - can you recover from a
machine that has had a virus on it?

I have always felt that once a piece of malware has been on the box, the box
was no longer able to be trusted and would reimage the box.

Asking if the Run and RunOnce entries have been futzered with would not
matter to me because I am going to be reimaging the whole box anyway.  I
would like to know what kind of data made its way out of my network,

What is the accepted procedure for after you have discovered a bad code on a

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]