[AccessD] Latest Outrage from Symantec

Stuart McLachlan stuart at lexacorp.com.pg
Mon Apr 16 23:10:14 CDT 2012


That doesn't solve the problem if system DLLs are infected and removed by the cleaning 
process.  You will still end up with an unbootable system.

Although it is possible that a subsequent "system repair" would replace the lost files.



On 16 Apr 2012 at 23:03, John Bartow wrote:

> Another approach is to either:
> -boot an OS from a CD or USB drive
> -mount the HD to another PC
> Then clean it without running the HD's OS
> 
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Jim Dettman
> Sent: Monday, April 16, 2012 3:55 PM
> To: 'Access Developers discussion and problem solving'
> Subject: Re: [AccessD] Latest Outrage from Symantec
> 
> 
>  Problem was, it was more than just registry changes.  Any restore point I
> went to yielded a system that quickly re-loaded the rootkit and the viruses
> (within a matter of minutes).
> 
>  If I ran TDSKiller and ComboFix, I got a clean system, but explorer.exe
> would not work (nor any program) and if I restarted, I had an un-bootable
> system.
> 
>  I might have had better luck with just restoring the registry rather than
> using a restore point, but after fooling with it for almost seven hours, I
> figured enough was enough and wiped it.
> 
>  Like I said, it was a real nasty piece of work.  Worst I've ever seen.
> 
> Jim.
> 
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Mark Simms
> Sent: Monday, April 16, 2012 04:09 PM
> To: 'Access Developers discussion and problem solving'
> Subject: Re: [AccessD] Latest Outrage from Symantec
> 
> Registry back-ups are CRITICAL.
> 
> 
> 
> --
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
> 



