Home page logo

pauldotcom logo PaulDotCom mailing list archives

Re: Incident Response
From: Mike Patterson <mike () snowcrash ca>
Date: Fri, 02 Jul 2010 10:21:43 -0400

On 10-07-01 6:19 PM, Daniel Holiday wrote:
This brings up a question that I have always asked - can you recover from a
machine that has had a virus on it?

Sometimes, yes.

Is it worth it?  Usually not.

At work, sysadmins/techs will often try anyway.  I often follow up
saying "you still have a problem on that system."  It's not always the
*same* problem.

Thankfully, I've done this enough that at least within my own (central
IT) department our client support folks will default now to
format/reinstall, despite the work involved.

What is the accepted procedure for after you have discovered a bad code on a

"It depends."  :-)  But generally anything less of reinstall and restore
data from last known good backup is rife with potential problems.

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]