[CentOS] Dual boot box: WinXP & CentOS 5: Impossible torestoreWinXP?

[Ross S. W. Walker]

Lanny Marcus wrote:
> 
> On Monday, 19 November 2007, Ross S. W. Walker rwalker at 
> medallion.com wrote:
> <snip>
> > You can fix it all from CentOS.
> 
> Ross: In addition to coming up with another slick way to fix this box,
> which I truly appreciate, you came up with the below:
> 
> >You need to run some kind of rootkit detection and cleaner on the
> >system before it reboots or else it will just reinstall itself.
> 
> Question:   What would you suggest I run? Suggestions are most welcome
> and solicited!  BTW, the system has been shut down and rebooted a
> bunch of times (in Linux) since the Trojan Horse hit. I have the AVG
> Free anti virus program running in Windows and it told me about the
> Trojan Horse and that the user32.dll file was damaged. It's possible
> that because the box is Spanish in Windows, I clicked incorrectly and
> made this problem much worse, but I'm not sure of that.

You know, I don't know the names of the Windows rootkit detectors
myself. I do know they exist and are available from trusted vendors
such as McAfee, Symantec and Kaspersky, but others on the list can
probably recommend which they prefer.

Personnally if I were faced with a similar situation I would probably
just copy my data files off the system and nuke it from space with
a fresh format/install of Windows.

> > I would run all Windows accounts as restricted users from now on.
> 
> I'll try to figure out how to do that in WinXP. I won the box in a
> raffle and it has WinXP  in Spanish, which is not my native language.
> If I need to reinstall everything (I believe I can avoid that, with
> the suggestions you and others on this mailing list have made), Dell
> sent me an English language WinXP CD, last week, and I'll install in
> English, if it comes to that.
> 
> All of your comments and suggestions are greatly appreciated! I am
> beginning to *hate* MS Windows, but there are still a few things we
> use it for. Lanny

There isn't really anything wrong with Windows, it's just Microsoft's
lax default security that is the problem. As Windows is 90% of the
market, trojans, viruses, worms and rootkits will be developed for it,
but you can set up Windows securely without too much hassle. Only
the "Administrator" user should be part of "Administrators" and
"Power Users" should be treated as "Administrators".

You really need to have WinXP Pro to get the security, a secure Home
setup can be done, but you need to create the first user as
"Admin" or such because "Administrator" is reserved and disabled in
that addition for some dumb reason, then create each additional
user as "Restricted" or "Limited".

If you have a new English version from Dell it may be a lot less
painful to just copy off your files and re-install the OS. Then 
you can take care of 2 birds with 1 stone.

-Ross

______________________________________________________________________
This e-mail, and any attachments thereto, is intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information. If you are not the intended recipient
of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify the sender and permanently delete the
original and any copy or printout thereof.