Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RE: Best spyware program

from [Mike Fetherston] Network Security [Permanent Link]
Subject: RE: RE: Best spyware program
Date: Wed, 27 Jul 2005 08:16:14 -0400 
In my experience none of the spyware scanners ever seem to get a system
truly clean, especially when dealing with some of the more devious stuff
out there that keeps a process running with SYSTEM privs. They can be
handy for early warning though, so I suppose it depends on what your focus
is. If you're looking for something to tip you off to a possible
infection, any of a number of scanners works great. If you're actually
trying to get the system clean, nothing I've tried so far competes with
booting to safe mode and running hijack this.



That's been my experience as well.  I have the opportunity to see many
infected machines a week all with different symptoms, so I've been able to
try out the order of scanning and cleaning with each Spybot, Ad-Aware, MSAS,
and HijackThis.  All find traces that the other left behind no matter what
order they've been run in.

For a really bad infection I will do as you mentioned above as well as
running the other three that I mentioned all in Safe Mode.  In addition, I
will enumerate the startup registry entries and go hunting for the
individual files.  You'd be surprised how many times these scanners leave
the .exes and .dlls behind!!  While you're in %systemroot%\system32 and
other places that spyware favours, it doesn't hurt to manually scan the file
list.

Mike Fetherston
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: secure file handling, dave_boone007
Next by Date:  Re: Email Encryption, NSC
Previous by Thread:  RE: Best spyware program, Craig Wright
Next by Thread:  VoIP testing Help, Mark Sec
Indexes:  [Date] [Thread] [Top] [All Lists]