Lanny Marcus wrote:
On Monday, 19 November 2007, Ross S. W. Walker rwalker at medallion.com wrote:
<snip> > You can fix it all from CentOS.
Ross: In addition to coming up with another slick way to fix this box, which I truly appreciate, you came up with the below:
You need to run some kind of rootkit detection and cleaner on the system before it reboots or else it will just reinstall itself.
Question: What would you suggest I run? Suggestions are most welcome and solicited! BTW, the system has been shut down and rebooted a bunch of times (in Linux) since the Trojan Horse hit. I have the AVG Free anti virus program running in Windows and it told me about the Trojan Horse and that the user32.dll file was damaged. It's possible that because the box is Spanish in Windows, I clicked incorrectly and made this problem much worse, but I'm not sure of that.
You know, I don't know the names of the Windows rootkit detectors myself. I do know they exist and are available from trusted vendors such as McAfee, Symantec and Kaspersky, but others on the list can probably recommend which they prefer.
Personally if I were faced with a similar situation I would probably just copy my data files off the system and nuke it from space with a fresh format/install of Windows.
I would run all Windows accounts as restricted users from now on.
I'll try to figure out how to do that in WinXP. I won the box in a raffle and it has WinXP in Spanish, which is not my native language. If I need to reinstall everything (I believe I can avoid that, with the suggestions you and others on this mailing list have made), Dell sent me an English language WinXP CD, last week, and I'll install in English, if it comes to that.
All of your comments and suggestions are greatly appreciated! I am beginning to *hate* MS Windows, but there are still a few things we use it for. Lanny
There isn't really anything wrong with Windows; it's just Microsoft's lax default security that is the problem. As Windows is 90% of the market, trojans, viruses, worms and rootkits will be developed for it, but you can set up Windows securely without too much hassle. Only the "Administrator" user should be part of "Administrators" and "Power Users" should be treated as "Administrators".
You really need to have WinXP Pro to get the security. A secure Home setup can be done, but you need to create the first user as "Admin" or such because "Administrator" is reserved and disabled in that edition for some dumb reason, then create each additional user as "Restricted" or "Limited".
If you have a new English version from Dell it may be a lot less painful to just copy off your files and re-install the OS. Then you can take care of 2 birds with 1 stone.
-Ross
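Ross's group-membership advice above, turned into a local audit script. This is an added example, not code from the thread; it assumes a standalone workstation and PowerShell 2.0 or later, and looks the groups up by their well-known SIDs so the check still works on a localized (e.g. Spanish) install where "Administrators" and "Power Users" carry different names.

```powershell
# Added example: report who sits in the local Administrators and Power Users
# groups, flagging every Administrators member that is not the built-in
# Administrator account (RID 500). Uses 'net localgroup' plus .NET SID
# translation, so it does not depend on the newer Get-LocalGroupMember cmdlet.
# Run from an elevated PowerShell prompt.

function Get-LocalGroupNameBySid {
    param([string]$Sid)
    # Translate a well-known group SID to its (possibly localized) name.
    $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    $nt = $id.Translate([System.Security.Principal.NTAccount])
    $nt.Value.Split('\')[-1]          # strip the BUILTIN\ prefix
}

function Get-LocalGroupMembers {
    param([string]$GroupName)
    # Members are the non-empty lines between the dashed separator and the
    # final, locale-specific "command completed" line.
    $lines = @(net localgroup $GroupName 2>$null | Where-Object { $_.Trim() })
    if ($LASTEXITCODE -ne 0) { throw "net localgroup '$GroupName' failed" }
    $dash = 0
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^-{10,}$') { $dash = $i; break }
    }
    if (($lines.Count - 2) -lt ($dash + 1)) { return @() }   # empty group
    $lines[($dash + 1)..($lines.Count - 2)] | ForEach-Object { $_.Trim() }
}

function Test-IsBuiltinAdministrator {
    param([string]$Member)
    # The built-in Administrator keeps RID 500 even if it has been renamed.
    try {
        $acct = New-Object System.Security.Principal.NTAccount($Member)
        $sid  = $acct.Translate([System.Security.Principal.SecurityIdentifier])
        return $sid.Value.EndsWith('-500')
    } catch { return $false }   # unresolvable SID or foreign account: flag it
}

$adminGroup = Get-LocalGroupNameBySid 'S-1-5-32-544'   # Administrators
$powerGroup = Get-LocalGroupNameBySid 'S-1-5-32-547'   # Power Users

$extraAdmins = @(Get-LocalGroupMembers $adminGroup |
    Where-Object { -not (Test-IsBuiltinAdministrator $_) })
$powerUsers  = @(Get-LocalGroupMembers $powerGroup)

"Members of '$adminGroup' other than the built-in Administrator:"
if ($extraAdmins) { $extraAdmins | ForEach-Object { "  $_  <- move to Users/Limited" } } else { "  (none)" }
"Members of '$powerGroup' (treat these as administrators):"
if ($powerUsers) { $powerUsers | ForEach-Object { "  $_" } } else { "  (none)" }
```

Accounts the script flags can be moved with `net localgroup <group> <user> /delete` followed by `net localgroup Users <user> /add`; re-run the audit afterwards to confirm only the built-in Administrator remains.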