[Dshield] Re: Dshield digest, Vol 1 #220 - 11 msgs
pc_freak at cats.ucsc.edu
Sun Aug 26 02:19:22 GMT 2001
At 08:17 PM 8/24/2001, Susan wrote:
>However. I have 3 computers here to verify system properties
>against. None show explorer.exe as c:\windows \explorer.exe /n,
>/e, c:\ so figure, it's a hack. Could have been written to by an
>infected email even. Mobsync? I told you I have deleted it twice
I also have mobsync on my machine; I agree with the theory that it's
part of M$'s web-page-synchronizer, probably part of ActiveDesktop (the
help file pops up a window labeled "Synchronization Manager").
>I am pulling unidentified stuff out of registry now, I do a few lines, I
>reboot, I back up. It's going well but I am really just testing here I
Eeek! IMHO, pulling random stuff out of the registry is asking for
trouble, since 99% of it is probably not documented in any useful manner.
If you're really concerned, I'd say to use FDisk to erase the
partitions, re-create them, format, then re-install Winblows. First thing
you then do is install a firewall you trust (I use ZoneAlarm) and a virus
scanner. Then scan the *entire* hard-disk, setting the heuristic
sensitivity to maximum, "scan compressed files," and "scan all files" (not
just program files), and tell it not to exclude any folders (I recently
read about a virus that hides in the recycle-bin folder, which most AV

Once you're convinced the machine is clean, make a System Recovery disk
(using the Windoze utility) and another one using the AV tools (that way
you can scan from a clean disk).
Random thought for the day:
Is yours a real cat, or does it come when you call it?