North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Time to check the rate limits on your mail servers

  • From: Lou Katz
  • Date: Thu Feb 03 13:04:55 2005

On Thu, Feb 03, 2005 at 05:29:15PM +0200, Gadi Evron wrote:
> >You will never be sure you have picked up all, only the known ones. For 
> >a compromised system, unless running tripwire or something, reinstall!
> You can never be sure, that's why it's a backdoor/Trojan horse.
> >Its a nice start, but it also tell people i am safe, and they dont know 
> Yes, it is. AV products have not taken Trojan horses seriously for 
> years, and called them "garbage" samples. Now they start to change that 
> due to almost any sample out there being also a Trojan horse, but not 
> drastically enough
> >for sure. Seeing our abuse department getting tickets over and over 
> >about the same customers its a fact that they just simple are not able 
> >to clean it out easilly. Then its better to instert foot (CD) and start 
> >all over.
> Then using AT programs is a good start. A clean slate is always better, 
> but your grandma won't agree.

Unfortunately, starting over in some operating systems means re-installing
EVERYTHING, and since applications tend to get installed over time, the
installation media for each and every app may not be available. Backups
are not very useful, because just placing the executables and the work
product/data files in the right place will not work in some Windows systems
if the proper registry entries are not there.

Also, if you reinstall in the wrong order you can wind up in DLL hell.

> 	Gadi.