computer storm
New Member
My god you two, thank god this one has finished LOL, thought it would be pistols at dawn soon.
stugster
Active Member
You love it 
L
Lanarkshire IT Services
New Member
Hi All
Another tool for the box:
AVZ
Page is in Russian so use Google to translate.
Think it covers what we have been "debating":
Integrated Detection System Rootkit. Search RootKit goes without signatures on the basis of studies of basic system library for the interception of their functions. AVZ RootKit, UserMode RootKit KernelMode RootKit. AVZ can not only detect RootKit, but also to produce the correct lock work UserMode RootKit for its process and KernelMode RootKit at the system level. RootKit AVZ, AVZ Anti-RootKit applies to all service functions AVZ, AVZ by scanner can detect camouflaged processes, the system will search the registry "sees" the masked keys, etc. RootKit. Anti-rootkit is provided with the analyzer, which conducts the discovery processes and services, masked RootKit.
Regards
Another tool for the box:
AVZ
Page is in Russian so use Google to translate.
Think it covers what we have been "debating":
Integrated Detection System Rootkit. Search RootKit goes without signatures on the basis of studies of basic system library for the interception of their functions. AVZ RootKit, UserMode RootKit KernelMode RootKit. AVZ can not only detect RootKit, but also to produce the correct lock work UserMode RootKit for its process and KernelMode RootKit at the system level. RootKit AVZ, AVZ Anti-RootKit applies to all service functions AVZ, AVZ by scanner can detect camouflaged processes, the system will search the registry "sees" the masked keys, etc. RootKit. Anti-rootkit is provided with the analyzer, which conducts the discovery processes and services, masked RootKit.
Regards
doogie
New Member
I thought it was getting as bad as the SEO debates, LOL!
B
Baldeagle
New Member
personally I would agree with stugster on this one.
It takes about 2.5 hours to reinstall an XP PC, including drivers etc (£200 in labour costs),if you price in multiple call outs and lost time the cost of repair can be much higher. Defeat has nothing to do with it, it's simply a matter of economics at the best price for your client, if you are in a research environment then the approach may be different.
What would you do to create a virus or malware application in an ideal situation? If you can gain access to the PCs DNS or the antivirus update server then you can bypass/corrupt any antivirus/malware app fairly easily. you could even flash the BIOS if you wanted. I would even recommend flashing the BIOS to be honest on a heavily infected PC.
It takes about 2.5 hours to reinstall an XP PC, including drivers etc (£200 in labour costs),if you price in multiple call outs and lost time the cost of repair can be much higher. Defeat has nothing to do with it, it's simply a matter of economics at the best price for your client, if you are in a research environment then the approach may be different.
What would you do to create a virus or malware application in an ideal situation? If you can gain access to the PCs DNS or the antivirus update server then you can bypass/corrupt any antivirus/malware app fairly easily. you could even flash the BIOS if you wanted. I would even recommend flashing the BIOS to be honest on a heavily infected PC.
Canary Dwarf
New Member
Totally agree, wipe and reinstall (and lock down) is economically efficient for the client. Clients lose trust when new problems replace old ones.
L
Lanarkshire IT Services
New Member
OK Guys
Just some points
2.5 hours to install XP at £200? Are you mental? Ask a home user for £200 to reinstall XP at £200 and see what response you get. Ever heard of disk imaging / RIPREP / WDS? Far too long and expensive buddy.
Also - "I would even recommend flashing the BIOS to be honest on a heavily infected PC". That has to be one of the maddest statements I've ever heard.
As for the "format and reinstall" method. That's obviously the mindset you guys are in and that's cool. It just never really identifies the problem or provides any clues or methods as to secure against it in future. It just wipes everything. What happens if the problem reappears?
Anyway thats your opinions and I respect that.
Enough said.
Just some points
2.5 hours to install XP at £200? Are you mental? Ask a home user for £200 to reinstall XP at £200 and see what response you get. Ever heard of disk imaging / RIPREP / WDS? Far too long and expensive buddy.
Also - "I would even recommend flashing the BIOS to be honest on a heavily infected PC". That has to be one of the maddest statements I've ever heard.
As for the "format and reinstall" method. That's obviously the mindset you guys are in and that's cool. It just never really identifies the problem or provides any clues or methods as to secure against it in future. It just wipes everything. What happens if the problem reappears?
Anyway thats your opinions and I respect that.
Enough said.
L
Lanarkshire IT Services
New Member
I use AVZ as one of my malware removal tools which was developed by Oleg Zaitsev who is the Lead Technical Specialist / Complex Threat Analysis Group at Kaspersky.
This guy probably has probably forgotten more about malware than I or anyone else on this forum knows. Do you honestly think he's going to produce a program that produces inaccurate results?
Might do you some good to learn it rather than spend 2.5 hours reinstalling XP every time it has a virus.
Regards
B
Baldeagle
New Member
disk imaging is fine for installing the OS, you still need to install drivers, applications and copy data across will take at least 2.5 hours and for severe infections wipe it and start again.
https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf
Anibal L. Sacco and Alfredo A. Ortego of Core Security Technologies http://www.coresecurity.com/files/attachments/Persistent_BIOS_Infection_CanSecWest09.pdf
https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf
Anibal L. Sacco and Alfredo A. Ortego of Core Security Technologies http://www.coresecurity.com/files/attachments/Persistent_BIOS_Infection_CanSecWest09.pdf
L
Lanarkshire IT Services
New Member
Hi There
You can disk image the OS, applications, drivers etc in one go onto a bare metal system ie any new target system with decent imaging software. It doesn't take 2.5 hours.
I have OEM images of XP and Vista with all the common apps / drivers a user is likely to need plus security stuff.
The problem arises when you arrive at the clients pc and he has loads of different applications but he cannot find the CDs / DVDs and you dont have them either. What you gonna do then?
As for your article, there are 2 tools that I use on there:
F-Secure Backlight and
Rootrevealer (now replaced with Rootrepeal)
Both of these WILL remove rootkits WITHOUT the need to "format and reinstall".
A decent rootkit scan will take around 2-3 mins, pin point any problems then you can fix.
Compared to your 2.5 hours it doesn't make sense
Regards
computer storm
New Member
Have to agree with Lanarkshire IT on this point, a good image process and all drivers can be installed doesnt matter what system you install on so long as the drivers are located on the root of C: and that the sysprep.inf file has the correct entrys.
Trying to remove the malware and any infection is good practise but in some companys the standard is to format and re-install, as time is money and to re-image a system costs them less in down time.
Business Web Design 
Dexion Pallet Racking Supplier 
rhtltd.co.uk
Commercial LED Lighting Supplier 
BRCGS Training Course Provider 
Conveyor Part Suppliers Forum Stats
- Threads
- 4,868
- Messages
- 28,480
- Members
- 5,808
- Latest member
- novastarconstruction