[TriLUG] "Cleaning" a Windows machine

David Burton ncdave4life at gmail.com
Mon Dec 22 02:57:55 EST 2014


Some things you can try. No need to do them all; this is just the order
I'd try them:

Step 1:  Try a System Restore to before the infection occurred.

Step 2:  Go to control panel, programs and features, sort by "installed on"
date, and uninstall recent dubious stuff. (A lot of "infections" these days
are actually just PUPs, which, surprisingly, have working uninstallers.)

Step 3:  Pull the hard disk drive, attach it as an external to a known
clean Windows machine, and scan it with several tools (e.g.: whatever AV
the clean machine has, and Malwarebytes, and the ESET Online Scanner).

Step 4:  ComboFix.

Dave
www.geeksalive.com
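Brian's question about running ClamAV over a complete filesystem from a live Linux CD, and Dave's Step 3 (scan the pulled disk from a known clean system), can be combined: mount the Windows partition read-only under Linux and point clamscan at the mount point. The script below is an added example, not code from either poster; the device path /dev/sdb1 is a placeholder to be confirmed with lsblk, and clamav plus ntfs-3g are assumed to be installed on the live system.

```shell
#!/bin/sh
# Offline ClamAV scan of a Windows disk from a Linux live CD (added example).
# Assumptions: the pulled disk's Windows partition is /dev/sdb1 (placeholder,
# check with lsblk), and clamav/ntfs-3g are installed (apt-get on the live CD).

DEVICE="${DEVICE:-/dev/sdb1}"            # placeholder device, verify first
MOUNTPOINT="${MOUNTPOINT:-/mnt/winroot}" # no spaces: expanded unquoted below
LOGFILE="${LOGFILE:-/tmp/clamscan-$(date +%Y%m%d).log}"

# Mount read-only with noexec/nodev/nosuid so nothing on the suspect disk
# can be modified or executed from the live environment while scanning.
mount_ro() {
    mkdir -p "$MOUNTPOINT"
    mount -t ntfs-3g -o ro,noexec,nodev,nosuid "$DEVICE" "$MOUNTPOINT"
}

# Option flags for a whole-filesystem scan, one per line for review.
# --detect-pua catches the "potentially unwanted" installers Dave mentions;
# --cross-fs=no keeps the scan from wandering into the live CD's own tree.
clamscan_args() {
    printf '%s\n' \
        --recursive \
        --infected \
        --detect-pua=yes \
        --cross-fs=no \
        --max-filesize=200M \
        --max-scansize=500M
}

# Map clamscan's exit status: 0 nothing found, 1 infected files found,
# 2 scanner error (unreadable path, missing signatures, permissions).
interpret_exit() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected" ;;
        2) echo "error" ;;
        *) echo "unknown" ;;
    esac
}

run_scan() {
    freshclam || echo "warning: signature update failed, scanning anyway" >&2
    # Flags contain no whitespace, so unquoted expansion is safe here.
    clamscan $(clamscan_args) --log="$LOGFILE" "$MOUNTPOINT"
    interpret_exit $?
}

# Usage (as root on the live CD): mount_ro && run_scan; hits are in $LOGFILE.
```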

On Sun, Dec 21, 2014 at 11:22 PM, Brian McCullough <bdmc at buadh-brath.com>
wrote:

> Did the title intrigue you?
>
>
> I have a friend who has managed to get his M$ machine infected. ( I
> know, 1=1. )
>
> I was planning on taking a Live Linux disk over ( CD ) and seeing what I
> could do without booting that machine.
>
> What tools would you recommend?
>
> My impression is that ClamAV, that I use in my mail chain, is best used
> for single files, but is there a way to use it over complete filesystems?
>
>
> Anything else that is already on an Ubuntu disk, or can be installed
> with apt-get on the live cd?
>
> Do you prefer another live CD for this purpose?
>
>
>
> Thanks,
> Brian