Flash Flash Revolution > General Discussion > Technology
Old 07-19-2012, 06:23 AM   #1
UserNameGoesHere
FFR Veteran
Join Date: May 2008
Posts: 1,114
Re: Malware Dev Answers Questions on Reddit

I didn't click/read it or anything, but there is one very important point I want to make.

Once you are infected with anything, there are two and only two ways to truly remedy that. One such way is to restore from a known good backup (saved on some medium other than the infected one, of course -- backup partitions on an infected hard drive are no good). The other way is to wipe the medium (fully 0-write it) and reinstall everything from scratch.

NOTHING apart from one of those two methods can guarantee the malware was removed, despite what anyone else tells you. (Keep in mind the computer repair place just wants your money and will run some programs which will remove some stuff and they'll do what they can but you can never be sure it is 100% except for one of the two above methods)

Also, if you have extremely rare firmware malware (in other words, it didn't just write data to your hard drive but it updated firmware in some piece of hardware) then even restoring from a known good backup or 0-writing the drive and reinstalling from scratch won't fix it. That kind of malware is very rare though since it generally can only be written to affect some very specific piece of hardware and unless you had that exact hardware, it does nothing.

Removal of firmware malware may/may not be possible depending on the hardware and depending on the infection.
Old 07-19-2012, 10:25 AM   #2
ELRayford
Custom User Title, FFR Veteran
Join Date: May 2004
Age: 41
Posts: 1,547
Re: Malware Dev Answers Questions on Reddit

Quote:
Originally Posted by UserNameGoesHere
Once you are infected with anything there are two and only two ways to truly remedy that. One such way is to restore from a known good backup (saved on some medium other than the infected one, of course -- backup partitions on an infected hard drive are no good). The other way is to wipe the medium (fully 0-write it) and reinstall everything from scratch.

NOTHING apart from one of those two methods can guarantee the malware was removed, despite what anyone else tells you. (Keep in mind the computer repair place just wants your money and will run some programs which will remove some stuff and they'll do what they can but you can never be sure it is 100% except for one of the two above methods)
I would have to call you on this one. It very much depends on the type of malware/infection. I have been successful in completely removing various forms of malware: RKill bad processes, find infected files, delete files, find bad registry entries, delete registry entries. Infection gone. Sometimes you can remove a malware infection in minutes. Sometimes you "can't" remove it without reloading the OS.

Give THIS a read. THIS is a sort of walkthrough of the manual removal process. Pretty easy.

Last edited by ELRayford; 07-19-2012 at 10:33 AM. Reason: hungovertypingwat
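As an added illustration of the "find bad registry entries" step in the post above (example code added here, not from the post or the walkthrough it links to): a Python script that parses the text `reg export` writes for the Run/RunOnce keys and flags autorun entries worth a closer look. The registry dump, its entry names and paths are constructed for the example, and the directory, name and launcher heuristics are my own assumptions about what usually marks a bad entry, not a definitive rule. `reg.exe` writes UTF-16LE with a BOM, so the file loader reads with `encoding="utf-16"`.

```python
"""Triage autorun entries from a Windows `reg export` dump.

Parses the .reg text produced by
  reg export "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" run.reg
and flags entries whose launch command looks out of place. The sample dump and
the heuristics are assumptions for illustration, not a list of known-bad items.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample dump (what reg.exe writes, after decoding from UTF-16LE).
# Entry names and paths are invented for the example.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"VMware User Process"="\"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe\" -n vmusr"
"WinUpdateSvc"="C:\\Users\\Public\\svchost.exe -k netsvcs"
"Adobe Updater"="C:\\Users\\bob\\AppData\\Local\\Temp\\adbupd.exe"
"Launcher"=hex(2):43,00,3a,00,5c,00,54,00,65,00,6d,00,70,00,5c,00,72,00,75,00,6e,00,\
  2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanupTask"="cmd.exe /c del /q C:\\Users\\bob\\AppData\\Roaming\\stage.dll"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')   # "name"=data  or  @=data
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|scr|bat|cmd|vbs|js|ps1))(?:\s|$)", re.I)

# Locations a normal autorun should not launch from (writable without admin rights).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\", "\\public\\", "\\$recycle.bin\\")
# Names that belong in the Windows directory; the same name elsewhere is a classic masquerade.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\", "%windir%\\", "%systemroot%\\")
# Interpreters that run whatever their arguments say; the arguments, not the binary, need review.
LAUNCHERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

Finding = Tuple[str, str, str, List[str]]   # (key, value name, command, reasons)


def _unescape(s: str) -> str:
    """Undo .reg escaping: backslash and double quote are written with a leading backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}}; REG_SZ and REG_EXPAND_SZ are decoded to text,
    other value types are kept in their raw textual form so nothing is silently dropped."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # reg.exe wraps long hex data with a trailing backslash
            pending = line[:-1]
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = "@" if m.group(1) is None else _unescape(m.group(1))
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):             # REG_SZ
            keys[current][name] = _unescape(data[1:-1])
        elif data.startswith("hex(2):"):                             # REG_EXPAND_SZ as UTF-16LE bytes
            raw_bytes = bytes(int(b, 16) for b in data[7:].split(",") if b)
            keys[current][name] = raw_bytes.decode("utf-16-le").rstrip("\x00")
        else:
            keys[current][name] = data
    return keys


def load_reg_file(path: str) -> Dict[str, Dict[str, str]]:
    """reg.exe writes UTF-16LE with a BOM; the 'utf-16' codec honours the BOM."""
    with open(path, encoding="utf-16") as fh:
        return parse_reg_export(fh.read())


def executable_of(command: str) -> str:
    """Extract the program path from an autorun command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else (command.split() or [""])[0]


def triage(entries: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Return one finding per autorun entry that matches any heuristic."""
    findings: List[Finding] = []
    for key, values in entries.items():
        for name, command in values.items():
            exe = executable_of(command)
            low = exe.lower()
            base = low.rsplit("\\", 1)[-1]
            reasons: List[str] = []
            if any(d in low for d in USER_WRITABLE):
                reasons.append("runs from a user-writable directory")
            if base in SYSTEM_NAMES and not low.startswith(SYSTEM_DIRS):
                reasons.append("Windows binary name outside the Windows directory")
            if base in LAUNCHERS:
                reasons.append("interpreter/launcher; review its arguments")
            if " " in exe and not command.strip().startswith('"'):
                reasons.append("unquoted path with spaces (hijackable)")
            if reasons:
                findings.append((key, name, command, reasons))
    return findings


def report(text: str = SAMPLE_REG_EXPORT) -> List[Finding]:
    """Print a human-readable triage of the dump and return the findings."""
    findings = triage(parse_reg_export(text))
    for key, name, command, reasons in findings:
        short_key = key.rsplit("\\", 1)[-1]
        print(f"[{short_key}] {name!r}: {command}")
        for reason in reasons:
            print(f"    - {reason}")
    return findings


if __name__ == "__main__":
    report()
```

On the constructed dump the two vendor entries pass and the other four are flagged; the flags are a reading list for the analyst, not a verdict, and an entry that passes every heuristic can still be malicious, which is the reason the thread's other poster argues for a rebuild.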
Old 07-19-2012, 04:13 PM   #3
UserNameGoesHere
FFR Veteran
Join Date: May 2008
Posts: 1,114
Re: Malware Dev Answers Questions on Reddit

Quote:
Originally Posted by ELRayford
I would have to call you on this one. It very much depends on the type of malware/infection. I have been successful in completely removing various forms of malware. Rkill bad processes, Find infected files, delete files, find bad registry entries, delete registry entries. Infection gone. Sometimes you can remove a malware infection in minutes. Sometimes you "can't" remove it without reloading the OS.

Give THIS a read. THIS is a sort of walkthrough of the manual removal process. Pretty easy.
Go ahead and call me out on it. The fact of the matter is, once a machine is infected, you can never be truly, 100% sure everything is clean except by one of the two methods I stated. You can do a good job of removing most stuff, true -- but it's the malware that you don't find which is the most dangerous. And the more findable malware there is on a machine, the greater the chance that even more malware which isn't so easy to find is present as well.

I'm not saying malware removal services aren't useful -- they are. What I am saying is you can never 100% prove you removed absolutely all malware. Because, remember, the most dangerous malware is intended to be as invisible or undetectable as possible. That includes when using the best tools available.

And if you do happen to run into firmware malware, even the two methods I mentioned won't work.