I keep my Norton Antivirus up to date, run the Symantec firewall, and *still* got infected. It appears that it came in via Internet Explorer somehow, since the compressed binaries for the rootkits were found in the IE cache directories when I did the full system scan. Now, I don't run Internet Explorer very often, just for the very rare site that won't render in Firefox, so that puzzles me. But so it goes with Windows...
Anyhow, reason I didn't post anything last night was simple -- I was engaged in all-out war upon the nasty viruses that had crept in via Internet Exploder. Now, some of you ask, "hold it, what is a Linux penguin doing running Windows?" Well, that one is simple. The corporate firewall requires special software if I want to VPN in to work. Said special software only runs on Windows. Gah!
Anyhow, I have my laptop cleaned up now, so hopefully I can get some blogging done. Or not!
-- Badtux the Computer Penguin
Just a thought: I read the other day that the virus writers now intentionally write viruses that bypass the most common antivirus software (Norton Antivirus). The smaller (and cheaper) solutions are supposed to be much better; I would recommend BitDefender or NOD. It's the same problem as with Windows - the thing that everybody uses is always more vulnerable to infection, because it is a bigger target.
Stupid Windows crap. Vista's going to be more of the same when Stevie-B finally manages to squeeze it out; just you wait and see.
Unless you have rebuilt your system from scratch, it is not clean. Please don't trust it. Nothing on systems infected with rootkits can be trusted. If this system is in the least bit mission critical, format the hard drive and rebuild the system from scratch using trusted sources. I find that one of the most telling things about Windows and the newest malware is when an MS security program director says,
"...there really is no way to recover without nuking the systems from orbit."
This would be the same advice I would give anyone, and it is the same for any OS. Windows, Linux, Unix, BSD, Solaris, you name it. Once any system has been compromised by a rootkit, nothing on the system can be trusted--including some types of user data files. Fighting the newest malware is a task that many Linux users have little eXPerience with. That's why we use Linux. :)
An eXPerienced sysadmin.