Is there a risk with firewalls ctd.

Dear Group,

Recently I wrote to this group under the title 'Is there a risk with firewalls'. Unfortunately the following discussion consisted mostly of rants and mutual verbal abuse and did not help much to clarify the problem.

I am opening the subject again and hope that this time the answers, if any, will be to the point and not mutual abuse.

The suggestion to use Kaspersky's free scan was of great value. It identified a number of files and said that two viruses were on the machine, without giving further info regarding these viruses.

I removed all the offending files. For one of them, call it *, I had to go into DOS mode outside of Windows, because this file was in use by Windows and could not be removed from within Windows.

A subsequent Kaspersky scan showed the system to be clean.

On startup however a window comes up, complaining that the file called * above is missing. After closing this window the PC works normally. This notice indicates that virus components are still residing in the registry.

Question: Is there any way to locate these components and to remove them?

Thank you

GR.

Reply to
NoSpam

Why that? You should *back them up* for later analysis and possible evidence collection.

So what? The system is still compromised, thus has to be flattened and rebuilt.

No. This is why it's called a compromise!

Reply to
Sebastian G.

I think that most here would say flatten the HD, format it, because of the information in the link.

[link]
Just because you have had a virus on the machine does that mean you totally wipe the machine out?

I can tell you that I have seen a virus or viruses compromise machines at work. All that happened was the virus or viruses were removed, and no machine had its HD flattened.

I guess that decision making process is going to be your decision to make.

Where you should also post is alt.comp.anti-virus, to people who deal with viruses. There are some good people there.

You should consider cutting the attack vector down on the machine by practicing safe hex.

[link]
You should also try to harden the O/S against attack as much as possible. Some of the tips I could still apply to Vista as well.

[link]

Reply to
Mr. Arnold

Dear Mr. Arnold,

I thank you for your measured response.

First off, you are correct this discussion has a better home in alt.comp.anti-virus, but since the thread started in comp.security firewall I continued it here.

I have read the article you pointed me to at [link] and found it to be an extreme approach. What the author does not address, and what is of interest to many users, is the probability that all of the bad things he is describing have happened at once to the infected PC. That probability must be very remote and would be of concern for a systems programmer taking care of a data fortress. He seems to indicate that not only the OS but all the data on that machine need to be discarded.

This unwillingness to be practical by demanding the utmost of security for every user seems to be widespread among the contributors to this group. If one applied the same caution in everyday life one would never be able to drive through a green light, because accidents have occurred when the controls malfunctioned and the other side was also green.

Thank you. I'll direct further questions to alt.comp.anti-virus.

GR.

Reply to
NoSpam

Look, this is getting kind of old - we've told you how to remove them and also that some malware removal tools will never get it all, that's just the way it is.

Follow these directions and life will be good - MAKE SURE YOU READ THE INSTRUCTIONS WITH EACH TOOL.

Only download software you can validate as uncompromised - in the case of non-vendor sites you have no guarantee that the files are unmodified or uncompromised. Anyone providing a link to a non-vendor site with a direct download should not be trusted; the vendors' sites are the safest place to download their applications.

No person of sound mind would download files from a hack site that requires a password to access the unknown files when they are available directly from the vendors.

Always remember - only download files from Trusted Sites.

The following links will take you to vendors' sites for Spy Ware / Ad ware removal tools and also for Antivirus tools. After you install any of these applications and update them, run them in SAFE MODE to allow them to properly clean your system.

First, make sure that your Java is updated to the latest version:

[link]
These sites are for downloading Anti-Malware and Anti-Spyware tools, in the order that I would use them myself:

Dave Lipman's tools: Download MULTI_AV.EXE from the URL -- [link]

AdAwareSE can be found here: [link]

SpyBot Search and Destroy can be found here: [link]

SmitRem.exe by Noahdfear, the SmitFraud / SpyAxe / SpyFalcon removal tool: [link]

Reply to
Leythos

Wrong.

Doesn't matter as long as you can't guarantee that none of it had happened. If you can't be sure, your ONLY way to a clean system is format and reinstall. Period.

What makes you believe that?

No. You can check and restore your data once your system is back in a known-good state. However, as long as the system has been compromised you cannot trust anything that system tells you, because there IS a non-zero chance that it may be manipulated.

The unwillingness to follow due diligence seems to be widespread among your group. This group is about SECURITY. If you're not interested in security: go somewhere else and don't waste the time of people who try to give you reasonable advice.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Does this also mean that this time you are willing to learn?

That's biased.

So, as several people have already indicated, your defenses have been gotten around, and you are infected. And you have no idea about the state of your system. Kaspersky finding something proves only that. You don't know what else got on your system.

Guesswork.

Which means nothing but: Kaspersky has detected what it was able to.

How about taking this opportunity to start from scratch with a better security concept?

Reply to
Straight Talk

The answer is: "yes". Firewalling means adding extra code or even extra devices, which can be attacked, too. So there is additional risk by adding firewalls, one has to compare this risk with the improvements in security those firewalls are bringing with them.

This is not enough. If your computer was infected, only flattening and rebuilding will help you to get back a clean box.

Yours, VB.

Reply to
Volker Birk

Indeed -- Many of us have seen systems so thoroughly infected that simply saving data (DOC files) is sufficient to guarantee reinfection immediately upon system restore.

Some of us have done it, either to prove we can, or for actual nefarious purposes (I'm in both categories, although in the "actual nefarious purposes" case it was to annoy a friend, rather than attack an enemy).

If you want a secure answer, it's simple: Start from scratch. If you want a practical real world example, find out when the system became infected, figure out how (if you can), then restore back out to a previous date, patch the problem and hope for the best.

Reply to
DevilsPGD
