Is there a risk with firewalls ctd.

Dear Group,

Recently I wrote to this group under the title 'Is there a risk with firewalls'. Unfortunately the following discussion consisted mostly of rants and mutual verbal abuse and did not help much to clarify the problem

I am opening the subject again and hope that this time the answers, if any, will be to the point and not mutual abuse.

The suggestion to use Kaspersky's free scan was of great value. It identified a number of files and said that two viruses were on the machine, without giving further info regarding these viruses.

I removed all the offending files. For one of them, call it *, I had to go into DOS mode outside of Windows, because this file was in use by windows and could not be removed from within Windows..

A subsequent Kspersky scan showed the system to be clean.

On startup however a window comes up, complaining that the file called * above is missing. After closing this window the PC works normally. This notice indicates that virus components are still residing in the registry.

Question: Is there any way to locate these components and to remove them?

Thank you


Reply to
Loading thread data ...

Why that? You should *back them up* for later analysis and possible evidence collection.

So what? The system is still compromised, thus has to be flattened and rebuilt.

No. This is why it's called a compromise!

Reply to
Sebastian G.

I think that most here would say flatten the HD format it, because of the information in the link.

formatting link
Just because you have had a virus on the machine does that mean you totally wipe the machine out?

I can tell you that I have seen a virus or viruses compromise machines at work. All that happened was the virus or viruses were removed, and no machine had its HD flatten.

I guess that decision making process is going to be your decision to make.

Where you should also post is too alt.comp.anti-virus to people that deal with viruses. There are some good people there.

You should consider cutting the attack vector down on the machine by practicing safe hex.

formatting link
You should also try to harden the O/S to attack a much as possible. Some of the tips I could still apply to Vista as well.

formatting link

Reply to
Mr. Arnold

Dear Mr. Arnold.

I thank you for your measured response.

First off, you are correct this discussion has a better home in alt.comp.anti-virus, but since the thread started in firewall I continued it here.

I have read the article you pointed me to at

formatting link
found it to be an extreme approach. What the author does not address and what is of interest to many users is the probability that all of the bad things he is describing, have happened at once to the infected PC. That probability must be very remote and would be of concern for a system's programmer taking care of a data fortress. He seems to indicate that not only the OS but all the data on that machine need to be discarded.

This unwillingness to be practical by demanding the utmost of security for every user seems to be widespread among the contributors to this group. If one applied the same caution in everyday life one would never be able to drive through a green light because accidents have occured when the controls malfuctioned and the other side was also green.

Thank you. I'll direct further questions to alt.comp.anti-virus.


Reply to

Look, this is getting kind of old - we've told you how to remove them and also that some malware removal tools will never get it all, that's just the way it is.

Follow these directions and life will be good - MAKE SURE YOU READ THE INSTRUCTIONS WITH EACH TOOL.

Only download software you can validate as uncompromised - in the case of non-vendor site you have no guarantee that the files are unmodified or uncompromised. Anyone providing a link to a non-vendors site with a direct download should not be trusted, the vendors sites are the safest place to download their application.

No person of sound mind would download files from a hack site that requires a password to access the unknown files when they are available directly from the vendors.

Always remember - only download files from Trusted Sites.

The following links will take you to vendors sites for Spy Ware / Ad ware removal tools and also for Antivirus tools. After you install any of these applications and update them, run them in SAFE MODE to allow them to properly clean your system.

First, make sure that your Java is updated to the latest version:

formatting link
These sites are for downloading Anti-Malware and Anti-Spyware tools, in order that I would use them myself:

Dave Lipman's tools: Download MULTI_AV.EXE from the URL --

formatting link
AdAwareSE can be found here:
formatting link
SpyBot Search and Destroy can be found here:
formatting link
SmitRem.exe by Noahdfear's SmitFraud, SpyAxe, SpyFalcon, removal tool
formatting link

Reply to


Doesn't matter as long as you can't guarantee that none of it had happened. If you can't be sure, your ONLY way to a clean system is format and reinstall. Period.

What makes you believe that?

No. You can check and restore your data once your system is back in a known-good state. However, as long as the system has been compromised you cannot trust anything that system tells you, because there IS a non-zero chance that it may be manipulated.

The unwillingness to follow due diligence seems to be widespread among your group. This group is about SECURITY. If you're not interested in security: go somewhere else and don't waste the time of people who try to give you reasonable advice.


Reply to
Ansgar -59cobalt- Wiechers

Does this also mean that this time you are willing to learn?

That's biased.

So, as several people have already indicated, your defenses have been gotten around, and you are infected. And you have no idea about the state of your system. Kaspersky finding something proves only that. You don't know what else got on your system.


Which means nothing but: Kaspersky has detected what it was able to.

How about taking this opportunity to start from scratch with a better security concept?

Reply to
Straight Talk

The answer is: "yes". Firewalling means adding extra code or even extra devices, which can be attacked, too. So there is additional risk by adding firewalls, one has to compare this risk with the improvements in security those firewalls are bringing with them.

This is not enough. If your computer was infected, only flattening and rebuilding will help you to get back a clean box.

Yours, VB.

Reply to
Volker Birk

Indeed -- Many of us have seen systems so thoroughly infected that simply saving data (DOC files) is sufficient to guarantee reinfection immediately upon system restore.

Some of us have done it, either to prove we can, or for actual nefarious purposes (I'm in both categories, although in the "actual nefarious purposes" it was to annoy a friend, rather then attack an enemy)

If you want a secure answer, it's simple: Start from scratch. If you want a practical real world example, find out when the system became infected, figure out how (if you can), then restore back out to a previous date, patch the problem and hope for the best.

Reply to
DevilsPGD Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.