Re: Virus/spyware




In article <#AUzMdu0IHA.2084@xxxxxxxxxxxxxxxxxxxx>,
malke@xxxxxxxxxxxxxxx says...
> Kayman wrote:
>
>> On Thu, 19 Jun 2008 16:31:36 -0700, Malke wrote:
>>
>>> <snip>
>>> ... I don't think the first thing you do on an infected machine is
>>> flatten it, but in this case he and I are in complete agreement.
>>> Your machine is too badly compromised to save.
>>> <snip>
>>
>> When should one flatten and when should one use AV scanner(s)? What is
>> your criteria, please?
>
> Sorry but can't give you a definitive answer. It depends on what the
> computer is infected with. You also reference "AV scanner(s)" and AV is
> only part of the story. Non-viral malware can be just as invasive and

While this is not a popular answer, the answer is really simple, at least
based on the question:

When should one flatten?

Any time a computer is compromised it's been compromised because the
user doesn't know enough about security, about keeping safe. With that
in mind it means that they are also not going to know enough about
cleaning it or if it was actually cleaned.

We can all accept the fact that no single tool cleans all malware.

We can all accept that 0-day exploits are not detected nearly as well as
we would like.

We can all accept that there is no way for a "typical" user to be sure
their system is 100.0% clean of malware.

So, the proper answer to the question is, one should always flatten
their compromised system, rebuild in a clean environment from clean
media, and while doing so, they should learn about safety.

To prove the point, having seen many residential systems that are
compromised, I can assure you that after the second or third time they
have to rebuild their computer they get tired of the down-time and
learn about keeping safe, at least the ones capable of learning do.

So, yes, it's not popular, but, there is no single tool that can provide
a 100.0% guarantee that a system is clean.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)